CVE-2014-0097 in Spring Securityinfo

Summary

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

12/03/2013

Disclosure

05/25/2017

Moderation

VulDB entry created

Entries

VDB-101766 (1)

CPE

ready

CWE

CWE-287 (Confirmed)

CVSS

7.3

EPSS

0.00234

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-0097
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0097
CVE Details	https://www.cvedetails.com/cve/CVE-2014-0097/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!