Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.5
CVSSv2

CVE-2007-4364

Published: 15/08/2007 Updated: 29/07/2017
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Fedoraproject

Vulnerability Summary

Fedora Commons prior to 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote malicious users to trigger a certain "unexpected / strange response" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote malicious users to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector.

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject commons

References

CWE-287http://sourceforge.net/project/shownotes.php?release_id=531870http://sourceforge.net/tracker/index.php?func=detail&aid=1731608&group_id=177054&atid=879703http://secunia.com/advisories/26445http://www.securityfocus.com/bid/25317http://osvdb.org/39548https://exchange.xforce.ibmcloud.com/vulnerabilities/36005https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook