Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
Vulnerability Description
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36.
CVSS Information
N/A
Vulnerability Type
LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)
Vulnerability Title
MISP 注入漏洞
Vulnerability Description
MISP是MISP开源的一套开源的软件解决方案。该产品用于收集、存储、分发、共享网络安全指标,并具有威胁网络安全事件分析和恶意软件分析等功能。 MISP 2.5.36之前版本存在注入漏洞,该漏洞源于ApacheAuthenticate.php中LDAP查询的特殊元素中和不当,可能导致LDAP注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A