mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-14 16:32:48 +00:00
829 B
829 B
CVE-2016-6497
Description
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
POC
Reference
- https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Github
No PoCs found on GitHub currently.