Apache Directory LDAP API prior to 1.0.0-M31 allows malicious users to conduct timing attacks via unspecified vectors.
apache directory ldap api