Vulnerability-Lookup

CVE-2016-6496 (GCVE-0-2016-6496)

Vulnerability from cvelistv5 – Published: 2016-12-09 22:00 – Updated: 2024-08-06 01:29

Summary

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.

Severity

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

hpe

References

5 references

URL	Tags
https://jira.atlassian.com/browse/CWD-4790	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/539655/100…	mailing-listx_refsource_BUGTRAQ
https://www.blackhat.com/docs/us-16/materials/us-…	x_refsource_MISC
https://confluence.atlassian.com/crowd/crowd-secu…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/93826	vdb-entryx_refsource_BID

Date Public

2016-10-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.272Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-4790"
          },
          {
            "name": "20161031 October 2016 - Crowd - Critical Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
          },
          {
            "name": "93826",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93826"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-4790"
        },
        {
          "name": "20161031 October 2016 - Crowd - Critical Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
        },
        {
          "name": "93826",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93826"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2016-6496",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CWD-4790",
              "refsource": "CONFIRM",
              "url": "https://jira.atlassian.com/browse/CWD-4790"
            },
            {
              "name": "20161031 October 2016 - Crowd - Critical Security Advisory",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
            },
            {
              "name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf",
              "refsource": "MISC",
              "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
            },
            {
              "name": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html",
              "refsource": "CONFIRM",
              "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
            },
            {
              "name": "93826",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93826"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2016-6496",
    "datePublished": "2016-12-09T22:00:00.000Z",
    "dateReserved": "2016-08-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:29:20.272Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-6496",
      "date": "2026-06-03",
      "epss": "0.02912",
      "percentile": "0.86633"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6496\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2016-12-09T22:59:02.233\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.\"},{\"lang\":\"es\",\"value\":\"El conector de directorio LDAP en Atlassian Crowd en versiones anteriores a 2.8.8 y 2.9.x en versiones anteriores a 2.9.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un atributo LDAP con un objeto Java serializado manipulado, tambi\u00e9n conocido como envenenamiento de entrada LDAP.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.8.4\",\"matchCriteriaId\":\"2FAD9482-A678-48B0-BD13-4816E5F6C633\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crowd:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B0955C-B68C-4EE5-9C95-D722CFF41038\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:crowd:2.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"759D841A-F266-4B05-9F7C-A2D4112A18F0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/archive/1/539655/100/0/threaded\",\"source\":\"security-alert@hpe.com\"},{\"url\":\"http://www.securityfocus.com/bid/93826\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CWD-4790\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf\",\"source\":\"security-alert@hpe.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.securityfocus.com/archive/1/539655/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/93826\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/CWD-4790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]}]}}"
  }
}

CNVD-2016-10452

Vulnerability from cnvd - Published: 2016-10-31

Title

Atlassian Crowd LDAP条目注入漏洞

Description

Atlassian Crowd是一套基于Web的单点登录系统。 Atlassian Crowd存在安全漏洞，允许远程攻击者可利用漏洞提交特殊的LDAP条目，注入恶意元素执行任意代码。

Severity

高

Patch Name

Atlassian Crowd LDAP条目注入漏洞的补丁

Patch Description

Atlassian Crowd是一套基于Web的单点登录系统。 Atlassian Crowd存在安全漏洞，允许远程攻击者可利用漏洞提交特殊的LDAP条目，注入恶意元素执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html

Reference

https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html

Impacted products

Name
['Atlassian Crowd 2.6.3', 'Atlassian Crowd 2.3.8', 'Atlassian Crowd 2.3.9', 'Atlassian Crowd 1.5.3', 'Atlassian Crowd 1.5.2', 'Atlassian Crowd 1.5.1', 'Atlassian Crowd 1.4.8', 'Atlassian Crowd 1.4.7', 'Atlassian Crowd 1.4.4', 'Atlassian Crowd 1.4.3', 'Atlassian Crowd 1.4.2', 'Atlassian Crowd 1.4', 'Atlassian Crowd 2.9.4', 'Atlassian Crowd 2.9.3', 'Atlassian Crowd 2.9.2', 'Atlassian Crowd 2.9.1', 'Atlassian Crowd 2.9', 'Atlassian Crowd 2.6.2', 'Atlassian Crowd 2.5.4', 'Atlassian Crowd 2.5.3', 'Atlassian Crowd 2.4.9', 'Atlassian Crowd 2.7', 'Atlassian Crowd 2.6.1', 'Atlassian Crowd 2.6.0', 'Atlassian Crowd 2.5.2', 'Atlassian Crowd 2.5.1', 'Atlassian Crowd 2.5.0', 'Atlassian Crowd 2.4.2', 'Atlassian Crowd 2.4.1', 'Atlassian Crowd 2.3.7', 'Atlassian Crowd 2.3.6', 'Atlassian Crowd 2.3.4', 'Atlassian Crowd 2.3.3', 'Atlassian Crowd 2.3.2', 'Atlassian Crowd 2.3.1', 'Atlassian Crowd 2.2.9', 'Atlassian Crowd 2.2.7', 'Atlassian Crowd 2.2.4', 'Atlassian Crowd 2.2.2', 'Atlassian Crowd 2.1.2', 'Atlassian Crowd 2.1.1', 'Atlassian Crowd 2.0.9', 'Atlassian Crowd 2.0.7', 'Atlassian Crowd 2.0.6', 'Atlassian Crowd 2.0.5', 'Atlassian Crowd 2.0.4', 'Atlassian Crowd 2.0.3', 'Atlassian Crowd 2.0.2', 'Atlassian Crowd 2.0.1', 'Atlassian Crowd 1.6.3', 'Atlassian Crowd 1.6.1', 'Atlassian Crowd 1.6']

Name

['Atlassian Crowd 2.6.3', 'Atlassian Crowd 2.3.8', 'Atlassian Crowd 2.3.9', 'Atlassian Crowd 1.5.3', 'Atlassian Crowd 1.5.2', 'Atlassian Crowd 1.5.1', 'Atlassian Crowd 1.4.8', 'Atlassian Crowd 1.4.7', 'Atlassian Crowd 1.4.4', 'Atlassian Crowd 1.4.3', 'Atlassian Crowd 1.4.2', 'Atlassian Crowd 1.4', 'Atlassian Crowd 2.9.4', 'Atlassian Crowd 2.9.3', 'Atlassian Crowd 2.9.2', 'Atlassian Crowd 2.9.1', 'Atlassian Crowd 2.9', 'Atlassian Crowd 2.6.2', 'Atlassian Crowd 2.5.4', 'Atlassian Crowd 2.5.3', 'Atlassian Crowd 2.4.9', 'Atlassian Crowd 2.7', 'Atlassian Crowd 2.6.1', 'Atlassian Crowd 2.6.0', 'Atlassian Crowd 2.5.2', 'Atlassian Crowd 2.5.1', 'Atlassian Crowd 2.5.0', 'Atlassian Crowd 2.4.2', 'Atlassian Crowd 2.4.1', 'Atlassian Crowd 2.3.7', 'Atlassian Crowd 2.3.6', 'Atlassian Crowd 2.3.4', 'Atlassian Crowd 2.3.3', 'Atlassian Crowd 2.3.2', 'Atlassian Crowd 2.3.1', 'Atlassian Crowd 2.2.9', 'Atlassian Crowd 2.2.7', 'Atlassian Crowd 2.2.4', 'Atlassian Crowd 2.2.2', 'Atlassian Crowd 2.1.2', 'Atlassian Crowd 2.1.1', 'Atlassian Crowd 2.0.9', 'Atlassian Crowd 2.0.7', 'Atlassian Crowd 2.0.6', 'Atlassian Crowd 2.0.5', 'Atlassian Crowd 2.0.4', 'Atlassian Crowd 2.0.3', 'Atlassian Crowd 2.0.2', 'Atlassian Crowd 2.0.1', 'Atlassian Crowd 1.6.3', 'Atlassian Crowd 1.6.1', 'Atlassian Crowd 1.6']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93826"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6496"
    }
  },
  "description": "Atlassian Crowd\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7684\u5355\u70b9\u767b\u5f55\u7cfb\u7edf\u3002\r\n\r\nAtlassian Crowd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684LDAP\u6761\u76ee\uff0c\u6ce8\u5165\u6076\u610f\u5143\u7d20\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Alvaro Munoz and Alexander Mirosh of HPE Security Fortify",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10452",
  "openTime": "2016-10-31",
  "patchDescription": "Atlassian Crowd\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7684\u5355\u70b9\u767b\u5f55\u7cfb\u7edf\u3002\r\n\r\nAtlassian Crowd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684LDAP\u6761\u76ee\uff0c\u6ce8\u5165\u6076\u610f\u5143\u7d20\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Atlassian Crowd LDAP\u6761\u76ee\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Atlassian Crowd 2.6.3",
      "Atlassian Crowd  2.3.8",
      "Atlassian Crowd  2.3.9",
      "Atlassian Crowd 1.5.3",
      "Atlassian Crowd  1.5.2",
      "Atlassian Crowd  1.5.1",
      "Atlassian Crowd  1.4.8",
      "Atlassian Crowd  1.4.7",
      "Atlassian Crowd  1.4.4",
      "Atlassian Crowd  1.4.3",
      "Atlassian Crowd  1.4.2",
      "Atlassian Crowd  1.4",
      "Atlassian Crowd 2.9.4",
      "Atlassian Crowd  2.9.3",
      "Atlassian Crowd  2.9.2",
      "Atlassian Crowd  2.9.1",
      "Atlassian Crowd  2.9",
      "Atlassian Crowd  2.6.2",
      "Atlassian Crowd  2.5.4",
      "Atlassian Crowd  2.5.3",
      "Atlassian Crowd  2.4.9",
      "Atlassian Crowd  2.7",
      "Atlassian Crowd  2.6.1",
      "Atlassian Crowd  2.6.0",
      "Atlassian Crowd  2.5.2",
      "Atlassian Crowd  2.5.1",
      "Atlassian Crowd  2.5.0",
      "Atlassian Crowd  2.4.2",
      "Atlassian Crowd  2.4.1",
      "Atlassian Crowd  2.3.7",
      "Atlassian Crowd  2.3.6",
      "Atlassian Crowd  2.3.4",
      "Atlassian Crowd  2.3.3",
      "Atlassian Crowd  2.3.2",
      "Atlassian Crowd  2.3.1",
      "Atlassian Crowd  2.2.9",
      "Atlassian Crowd  2.2.7",
      "Atlassian Crowd  2.2.4",
      "Atlassian Crowd  2.2.2",
      "Atlassian Crowd  2.1.2",
      "Atlassian Crowd  2.1.1",
      "Atlassian Crowd 2.0.9",
      "Atlassian Crowd  2.0.7",
      "Atlassian Crowd  2.0.6",
      "Atlassian Crowd  2.0.5",
      "Atlassian Crowd  2.0.4",
      "Atlassian Crowd  2.0.3",
      "Atlassian Crowd  2.0.2",
      "Atlassian Crowd  2.0.1",
      "Atlassian Crowd  1.6.3",
      "Atlassian Crowd  1.6.1",
      "Atlassian Crowd  1.6"
    ]
  },
  "referenceLink": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-10-27",
  "title": "Atlassian Crowd LDAP\u6761\u76ee\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2016-6496

Vulnerability from fkie_nvd - Published: 2016-12-09 22:59 - Updated: 2026-05-06 22:30

Severity

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-alert@hpe.com	http://www.securityfocus.com/archive/1/539655/100/0/threaded
security-alert@hpe.com	http://www.securityfocus.com/bid/93826	Third Party Advisory, VDB Entry
security-alert@hpe.com	https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html	Vendor Advisory
security-alert@hpe.com	https://jira.atlassian.com/browse/CWD-4790	Issue Tracking
security-alert@hpe.com	https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/539655/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93826	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jira.atlassian.com/browse/CWD-4790	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf	Not Applicable

Impacted products

Vendor	Product	Version
atlassian	crowd	*
atlassian	crowd	2.9.0
atlassian	crowd	2.9.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAD9482-A678-48B0-BD13-4816E5F6C633",
              "versionEndIncluding": "2.8.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "81B0955C-B68C-4EE5-9C95-D722CFF41038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:crowd:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "759D841A-F266-4B05-9F7C-A2D4112A18F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning."
    },
    {
      "lang": "es",
      "value": "El conector de directorio LDAP en Atlassian Crowd en versiones anteriores a 2.8.8 y 2.9.x en versiones anteriores a 2.9.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un atributo LDAP con un objeto Java serializado manipulado, tambi\u00e9n conocido como envenenamiento de entrada LDAP."
    }
  ],
  "id": "CVE-2016-6496",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-09T22:59:02.233",
  "references": [
    {
      "source": "security-alert@hpe.com",
      "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93826"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-4790"
    },
    {
      "source": "security-alert@hpe.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/93826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://jira.atlassian.com/browse/CWD-4790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
    }
  ],
  "sourceIdentifier": "security-alert@hpe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GQPX-798C-8554

Vulnerability from github – Published: 2022-05-14 02:46 – Updated: 2022-05-14 02:46

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-09T22:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.",
  "id": "GHSA-gqpx-798c-8554",
  "modified": "2022-05-14T02:46:12Z",
  "published": "2022-05-14T02:46:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6496"
    },
    {
      "type": "WEB",
      "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/CWD-4790"
    },
    {
      "type": "WEB",
      "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93826"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-6496

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6496

Aliases

CVE-2016-6496

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6496",
    "description": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.",
    "id": "GSD-2016-6496"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6496"
      ],
      "details": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning.",
      "id": "GSD-2016-6496",
      "modified": "2023-12-13T01:21:23.441553Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-alert@hpe.com",
        "ID": "CVE-2016-6496",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jira.atlassian.com/browse/CWD-4790",
            "refsource": "CONFIRM",
            "url": "https://jira.atlassian.com/browse/CWD-4790"
          },
          {
            "name": "20161031 October 2016 - Crowd - Critical Security Advisory",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
          },
          {
            "name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf",
            "refsource": "MISC",
            "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
          },
          {
            "name": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html",
            "refsource": "CONFIRM",
            "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
          },
          {
            "name": "93826",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93826"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.8.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:crowd:2.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:crowd:2.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-alert@hpe.com",
          "ID": "CVE-2016-6496"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93826",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/93826"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-4790",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-4790"
            },
            {
              "name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf",
              "refsource": "MISC",
              "tags": [
                "Not Applicable"
              ],
              "url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
            },
            {
              "name": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2016-10-19-856697283.html"
            },
            {
              "name": "20161031 October 2016 - Crowd - Critical Security Advisory",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/539655/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-09T20:00Z",
      "publishedDate": "2016-12-09T22:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6496 (GCVE-0-2016-6496)

CNVD-2016-10452

FKIE_CVE-2016-6496

GHSA-GQPX-798C-8554

GSD-2016-6496

Tags

Sightings

Nomenclature