admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2017/8xxx/CVE-2017-8028.json

78 lines
2.6 KiB
JSON
Raw Normal View History

- Populated repo from CVE List.
2017-10-16 12:31:07 -04:00
{
"CVE_data_meta" : {
- Synchronized data.
2017-11-27 05:05:04 -05:00
"ASSIGNER" : "security_alert@emc.com",
- Populated repo from CVE List.
2017-10-16 12:31:07 -04:00
"ID" : "CVE-2017-8028",
- Synchronized data.
2017-11-27 05:05:04 -05:00
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spring-LDAP Spring-LDAP versions 1.3.0 2.3.1",
"version" : {
"version_data" : [
{
"version_value" : "Spring-LDAP Spring-LDAP versions 1.3.0 2.3.1"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
- Populated repo from CVE List.
2017-10-16 12:31:07 -04:00
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
- Synchronized data.
2017-11-27 05:05:04 -05:00
"value" : "In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication with arbitrary password"
}
]
}
]
},
"references" : {
"reference_data" : [
- Synchronized data.
2018-02-02 06:02:32 -05:00
{
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads.
2018-04-05 09:33:01 -04:00
"name" : "[debian-lts-announce] 20171119 [SECURITY] [DLA 1180-1] libspring-ldap-java security update",
"refsource" : "MLIST",
- Synchronized data.
2018-02-02 06:02:32 -05:00
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00026.html"
},
- Synchronized data.
2017-11-27 05:05:04 -05:00
{
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads.
2018-04-05 09:33:01 -04:00
"name" : "https://pivotal.io/security/cve-2017-8028",
"refsource" : "CONFIRM",
- Synchronized data.
2017-11-27 05:05:04 -05:00
"url" : "https://pivotal.io/security/cve-2017-8028"
- Synchronized data.
2017-11-27 06:03:49 -05:00
},
{
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads.
2018-04-05 09:33:01 -04:00
"name" : "DSA-4046",
"refsource" : "DEBIAN",
- Synchronized data.
2017-11-27 06:03:49 -05:00
"url" : "https://www.debian.org/security/2017/dsa-4046"
- Synchronized data.
2018-02-15 06:04:25 -05:00
},
{
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads.
2018-04-05 09:33:01 -04:00
"name" : "RHSA-2018:0319",
"refsource" : "REDHAT",
- Synchronized data.
2018-02-15 06:04:25 -05:00
"url" : "https://access.redhat.com/errata/RHSA-2018:0319"
- Populated repo from CVE List.
2017-10-16 12:31:07 -04:00
}
]
}
}
Reference in New Issue Copy Permalink