CVE-2018-1337 Vulnerability Details

  /     /     /  

CVE-2018-1337 Metadata Quick Info

CVE Published: 10/07/2018 | CVE Updated: 17/09/2024 | CVE Year: 2018
Source: apache | Vendor: Apache Software Foundation | Product: Apache Directory
Status : PUBLISHED

---

CVE-2018-1337 Description

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Plaintext Password Disclosure in Secured Channel
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).