漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
Vulnerability Description
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36.
CVSS Information
N/A
Vulnerability Type
LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)
Vulnerability Title
MISP 注入漏洞
Vulnerability Description
MISP是MISP开源的一套开源的软件解决方案。该产品用于收集、存储、分发、共享网络安全指标,并具有威胁网络安全事件分析和恶意软件分析等功能。 MISP 2.5.36之前版本存在注入漏洞,该漏洞源于ApacheAuthenticate.php中LDAP查询的特殊元素中和不当,可能导致LDAP注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A