A vulnerability was found in Apache Archiva up to 2.2.4. It has been classified as critical. Affected is an unknown functionality of the component LDAP Handler. The manipulation with an unknown input leads to a injection vulnerability (LDAP injection). CWE is classifying the issue as CWE-74. The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

The weakness was shared 06/19/2020 (Website). The advisory is available at archiva.apache.org. This vulnerability is traded as CVE-2020-9495 since 03/01/2020. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1055 by the MITRE ATT&CK project.

Upgrading to version 2.2.5 eliminates this vulnerability.

Productinfo

Vendor

• Apache

Name

• Archiva

Version

• 2.2.0
• 2.2.1
• 2.2.2
• 2.2.3
• 2.2.4

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion