Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Commons'
2007-08-15
CVE-2007-4364
CWE-287
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
>>>
Vendor:
Fedoraproject
20
Produkty
Fedora core
Networkmanager
Coolkey
Fedora
Commons
SSSD
Dracut
389 directory server
Libnm-util
Anaconda
Crypto-utils
Arm installer
Fedmsg
389 administration server
Python-fedora
Spin-kickstarts
Sectool
Selinux-policy
Fedora extra packages for enterprise linux
Extra packages for enterprise linux
Copyright
2024
, cxsecurity.com
Back to Top