Information disclosure in Directory LDAP API - CVE-2018-1337
Published: July 12, 2022
Vulnerability identifier: #VU65124
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-1337
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apache Foundation
Affected software:
Directory LDAP API
Directory LDAP API
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the SSL Filter and allows for another thread to use the connection before the TLS layer has been established. A remote attacker can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2018-1337
Install updates from vendor's website.