Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-1000134

EPSS 1.68% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-1000134

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Ability to impersonate any valid user. This attack appear to be exploitable via Providing valid username and empty password against servers that do not do additional validation as per https://tools.ietf.org/html/rfc4513#section-5.1.1. This vulnerability appears to have been fixed in after commit 8471904a02438c03965d21367890276bc25fa5a6.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
UnboundID LDAP SDK 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
UnboundID LDAP SDK是一套与Java通信的LDAP目录服务器的软件开发工具包。 UnboundID LDAP SDK commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb版本至commit 8471904a02438c03965d21367890276bc25fa5a6版本中的SimpleBindRequest的处理函数存在访问控制错误漏洞。攻击者可通过提供有效的用户名及空密码利用该漏洞冒充任意有效用户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2018-1000134

#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/dragotime/cve-2018-1000134POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2018-1000134

登录查看更多情报信息。

Same Patch Batch · n/a · 2018-03-16 · 34 CVEs total

CVE-2017-18059Android Qualcomm WLAN 信息泄露漏洞
CVE-2017-18050Android Qualcomm Wma management 权限许可和访问控制漏洞
CVE-2017-18051Android Qualcomm WLAN 信息泄露漏洞
CVE-2017-18052Android Qualcomm WLAN 信息泄露漏洞
CVE-2017-18053Android Qualcomm WLAN 信息泄露漏洞
CVE-2017-18054Android Qualcomm Wma 权限许可和访问控制漏洞
CVE-2017-18055Android Qualcomm WLAN 权限许可和访问控制漏洞
CVE-2017-18057Android Qualcomm WLAN 信息泄露漏洞
CVE-2017-18058Android Qualcomm WLAN 信息泄露漏洞
CVE-2017-15834Android Qualcomm Diagchar 权限许可和访问控制漏洞
CVE-2017-18060Android Qualcomm WLAN 信息泄露漏洞
CVE-2017-18061Android Qualcomm Wma 权限许可和访问控制漏洞
CVE-2017-18062Android Qualcomm Wma 权限许可和访问控制漏洞
CVE-2017-18065Android Qualcomm Wma 权限许可和访问控制漏洞
CVE-2017-18066Android Qualcomm Power驱动程序权限许可和访问控制漏洞
CVE-2018-3560Android Qualcomm Qdsp6v2 sound驱动程序权限许可和访问控制漏洞
CVE-2018-3561Android Qualcomm Diagchar 权限许可和访问控制漏洞
CVE-2016-10715Atlassian Jira Artezio Kanban Board插件跨站脚本漏洞
CVE-2017-15833Android Qualcomm Power驱动程序权限许可和访问控制漏洞
CVE-2017-15831Android Qualcomm Wma 权限许可和访问控制漏洞

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2018-1000134

No comments yet

Leave a comment