org.ldaptive:ldaptive@1.0.4 vulnerabilities

  • latest version

    2.4.0

  • first published

    11 years ago

  • latest version published

    2 months ago

  • Direct Vulnerabilities

    Known vulnerabilities in the org.ldaptive:ldaptive package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability (severity: M = Medium) / Vulnerable version range

    Improper Certificate Validation

    org.ldaptive:ldaptive is a simple, extensible Java API for interacting with LDAP servers.

    Affected versions of this package are vulnerable to Improper Certificate Validation. The hostname verifier used by the vt-ldap/ldaptive project to check that the LDAP server's hostname matches the domain name in the certificate subject's CN field was flawed. A man-in-the-middle attacker holding a valid certificate with a specially crafted subject can pass the check and impersonate the server over LDAPS or StartTLS. Because an LDAP simple bind sends the password to whichever server the client trusts, an impersonated server is in a position to capture bind credentials.
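    The check this advisory is about, written out as an added example: the code below is not ldaptive's code and does not reproduce the exact defect fixed in 1.0.5. `verify_hostname` is a strict RFC 6125-style matcher (SAN dNSName entries take precedence over the CN, whole-label comparison, wildcard only as the leftmost label), and `weak_cn_check` is a hypothetical weak verifier included only to show the failure class in which a crafted subject such as CN=*.com is accepted for any host. The certificate dicts are constructed to mirror the layout of Python's `ssl.SSLSocket.getpeercert()`; no real certificates are involved.

```python
"""Strict server-hostname verification against an X.509 certificate.

Added example for this page: this is not ldaptive's code and does not reproduce
the exact defect fixed in ldaptive 1.0.5. The certificate dicts are constructed
to mirror the layout Python's ssl.SSLSocket.getpeercert() returns.
"""
import ipaddress
import re


def _dnsname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one dNSName/CN value with a hostname.

    * labels are compared whole and case-insensitively, never as substrings
    * "*" is accepted only as the entire leftmost label ("*.example.com")
    * at least two literal labels must follow the wildcard ("*.com" is rejected)
    * the wildcard matches exactly one label, so "a.b.example.com" never matches
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if not all(h_labels) or not all(p_labels[1:]):
        return False                      # empty labels are never valid
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lab for lab in p_labels[1:]):
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def verify_hostname(cert: dict, hostname: str) -> bool:
    """Return True only if `cert` is valid for `hostname`.

    `cert` follows the getpeercert() layout, e.g.
      {"subject": ((("commonName", "ldap.example.com"),),),
       "subjectAltName": (("DNS", "ldap.example.com"), ("IP Address", "10.0.0.5"))}
    Per RFC 6125 section 6.4.4 the subject CN is consulted only when the
    certificate carries no dNSName subjectAltName entries.
    """
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    ip_names = [v for k, v in sans if k == "IP Address" and _is_ip(v)]
    if _is_ip(hostname):
        target = ipaddress.ip_address(hostname)
        return any(ipaddress.ip_address(ip) == target for ip in ip_names)
    if dns_names:
        return any(_dnsname_matches(n, hostname) for n in dns_names)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dnsname_matches(cn, hostname) for cn in cns)


def weak_cn_check(cert: dict, hostname: str) -> bool:
    """HYPOTHETICAL weak verifier, shown only to illustrate the failure class.

    It is not the vt-ldap/ldaptive implementation. It turns the CN into a
    regular expression by replacing "*" with ".*" without escaping anything,
    so a valid certificate whose subject is CN=* or CN=*.com is accepted for
    any hostname, which is the kind of crafted subject a MITM could present.
    """
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    for cn in cns:
        try:
            if re.fullmatch(cn.replace("*", ".*"), hostname, re.IGNORECASE):
                return True
        except re.error:
            continue
    return False


if __name__ == "__main__":
    # Constructed certificates (not real issued certificates).
    good = {"subject": ((("commonName", "ldap.example.com"),),),
            "subjectAltName": (("DNS", "ldap.example.com"), ("DNS", "*.ldap.example.com"))}
    crafted = {"subject": ((("commonName", "*.com"),),)}
    print(verify_hostname(good, "replica1.ldap.example.com"))   # True
    print(verify_hostname(crafted, "ldap.example.com"))        # False
    print(weak_cn_check(crafted, "ldap.example.com"))          # True
```

    The important design choice is that the strict matcher never treats the CN as a pattern: it splits both sides into labels and compares them whole, so a subject built to be a prefix, suffix or regex of the expected name cannot pass. A client that follows this rule still needs a correctly validated chain; hostname matching only answers the question of which host a trusted certificate is for.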

    How to fix Improper Certificate Validation?

    Upgrade org.ldaptive:ldaptive to version 1.0.5 or higher. Check the version your build actually resolves (for example with your build tool's dependency tree), since a vulnerable ldaptive can also arrive transitively through another artifact.

    Vulnerable version range: [,1.0.5) (every release below 1.0.5)