Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fedora Commons空LDAP口令绕过认证漏洞
Vulnerability Description
Fedora Commons是开源的电子库服务,可提供各种类型的信息管理系统。 Fedora Commons在处理用户认证时存在漏洞,远程攻击者可能利用此漏洞获取非授权访问。 Fedora Commons没有正确地处理某些Java命名和目录接口(JNDI)认证请求,远程攻击者可以使用不存在的帐号名和空口令认证导致LDAP服务器出现非预期的响应,绕过认证获得非授权访问。
CVSS Information
N/A
Vulnerability Type
N/A