|
|
CVE Reference: CVE-2007-4364 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-4364 |
|
|
Description: Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/36005 SAID Secunia Advisory: SA26445 OSVDB 39548 CONFIRM http://sourceforge.net/tracker/index.php?func=detail&aid=1731608&group_id=177054&atid=879703 http://sourceforge.net/project/shownotes.php?release_id=531870 BID 25317 |
|
| Return to the previous page. |
