Fedora Commons LDAP Authentication Bypass Vulnerability
BID:25317
Info
| Bugtraq ID: | 25317 |
| Class: | Access Validation Error |
| CVE: | CVE-2007-4364 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | Bill Niebel is credited with the discovery of this issue. |
| Vulnerable: | Redhat Fedora Commons 1.1.1, Redhat Fedora Commons 2.2, Redhat Fedora Commons 1.1, Redhat Fedora Commons 1.0 |
| Not Vulnerable: | Redhat Fedora Commons 2.2.1 |
Discussion
Fedora Commons is prone to an authentication-bypass vulnerability because the application fails to properly handle unexpected conditions.
Attackers can exploit this issue to gain unauthorized access. This may facilitate a compromise of the application and underlying webserver; other attacks are also possible.
Versions prior to Fedora Commons 2.2.1 are vulnerable to this issue.
Exploit / POC
An attacker can exploit this issue via a browser.
Solution / Fix
Solution:
The vendor has released Fedora Commons 2.2.1 to address this issue. Please see the references for more information.
Redhat Fedora Commons 2.2
- Fedora Commons fedora-2.2.1-installer.jar
  http://downloads.sourceforge.net/fedora-commons/fedora-2.2.1-installer.jar?modtime=1187003227&big_mirror=0

Redhat Fedora Commons 1.0
- Fedora Commons fedora-2.2.1-installer.jar
  http://downloads.sourceforge.net/fedora-commons/fedora-2.2.1-installer.jar?modtime=1187003227&big_mirror=0

Redhat Fedora Commons 1.1
- Fedora Commons fedora-2.2.1-installer.jar
  http://downloads.sourceforge.net/fedora-commons/fedora-2.2.1-installer.jar?modtime=1187003227&big_mirror=0

Redhat Fedora Commons 1.1.1
- Fedora Commons fedora-2.2.1-installer.jar
  http://downloads.sourceforge.net/fedora-commons/fedora-2.2.1-installer.jar?modtime=1187003227&big_mirror=0
References
References:
- [ 1731608 ] LDAP, JNDI, and Servlet Filter issues (Fedora Commons)
- Fedora Commons Home Page (Fedora Commons)
- Release Name: 2.2.1 (Fedora Commons)