Spring Security HttpServletRequest Security Restriction Bypass Vulnerability
Released on: 2014-09-02
Updated on: 2014-09-04
Affected Systems:
OpenLDAP 2.4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id:
CVE (CAN) ID: CVE-2014-3527
OpenLDAP is an open-source Lightweight Directory Access Protocol (LDAP) implementation.
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier versions does not correctly implement reference counting. A remote attacker can unbind from the server immediately after sending a search request, which triggers rwm_conn_destroy to release the session context in use and results in a denial of service (slapd crash).
<* Source: David Ohsie
Link: http://secunia.com/advisories/55238/
*>
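The lifetime rule behind this class of flaw, as an added C example that is not OpenLDAP's code: connection teardown drops its own reference to the session context, and the memory is freed only when the in-flight search drops the last one. All type and function names below are hypothetical, and the scenario is constructed.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical per-connection rewrite session; not OpenLDAP's own type. */
typedef struct session_ctx {
    atomic_int refs;        /* 1 for the connection, +1 per in-flight operation */
    char rewrite_vars[64];  /* placeholder for per-session state */
} session_ctx;

/* Connection set-up: the connection itself owns the first reference. */
static session_ctx *session_new(void) {
    session_ctx *s = calloc(1, sizeof *s);
    if (s) atomic_init(&s->refs, 1);
    return s;
}

/* Drop one reference; free only when the last holder lets go.
 * Returns 1 if the context was freed by this call, 0 otherwise. */
static int session_put(session_ctx *s) {
    if (atomic_fetch_sub(&s->refs, 1) == 1) { free(s); return 1; }
    return 0;
}

/* A search takes its own reference before touching the session. */
static session_ctx *op_search_begin(session_ctx *s) {
    atomic_fetch_add(&s->refs, 1);
    return s;
}

/* The search releases its reference when it has finished with the session. */
static int op_search_end(session_ctx *s) { return session_put(s); }

/* Connection teardown (the role rwm_conn_destroy plays in the advisory):
 * gives up the connection's reference instead of freeing unconditionally. */
static int conn_destroy(session_ctx *s) { return session_put(s); }

/* Constructed scenario: unbind arrives while a search is still running.
 * Returns (freed_at_destroy << 1) | freed_at_search_end; expected 1. */
static int unbind_during_search(void) {
    session_ctx *s = session_new();
    if (!s) return -1;
    session_ctx *held = op_search_begin(s);
    int early = conn_destroy(s);      /* must not free: search holds a ref */
    held->rewrite_vars[0] = 'x';      /* still valid memory here */
    int late = op_search_end(held);   /* last reference: freed now */
    return (early << 1) | late;
}
```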
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenLDAP
--------
The vendor has not yet provided a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.openldap.org/software/release/changes.html
http://www.openldap.org/its/index.cgi/Incoming?id=7723