CVE-2007-4364

{"id": "CVE-2007-4364", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-15T19:17:00.000", "references": [{"url": "http://osvdb.org/39548", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26445", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=531870", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1731608&group_id=177054&atid=879703", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25317", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36005", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain \"unexpected / strange response\" from an LDAP server, and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector."}, {"lang": "es", "value": "Fedora Commons versiones anteriores a 2.2.1, no maneja apropiadamente ciertas peticiones de autenticaci\u00f3n que involucran Java Naming and Directory Interface (JNDI), relacionadas con (1) un nombre de cuenta inexistente en combinaci\u00f3n con una contrase\u00f1a, que permite a atacantes remotos desencadenar una determinada \"unexpected / strange response\" desde un servidor LDAP, y (2) un intento de reautenticaci\u00f3n que produce una excepci\u00f3n, lo que permite a atacantes remotos activar el uso de una decisi\u00f3n de autenticaci\u00f3n almacenada en cach\u00e9. NOTA: la autenticaci\u00f3n puede ser omitida mediante el vector 1 seguido del vector 2, y posiblemente puede ser omitida mediante un \u00fanico vector."}], "lastModified": "2017-07-29T01:32:53.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:commons:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B542136-32DA-4090-B2C2-19EBD17E33A9", "versionEndIncluding": "2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}