CVE-2014-0097 in Spring Security信息

摘要

由 VulDB • 2026-06-04

Spring Security 3.2.0 至 3.2.1 以及 3.1.0 至 3.1.5 中的 ActiveDirectoryLdapAuthenticator 未检查密码长度。如果目录允许匿名绑定(anonymous binds),则可能会错误地认证提供空密码的用户。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Interested in the pricing of exploits?

See the underground prices here!