CVE-2020-9495

moderate-risk
Published 2020-06-19

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

Do I need to act?

!
27.5% chance of exploitation in next 30 days
EPSS score — higher than 73% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Apache

References (12)

Vendor Advisory http://archiva.apache.org/security.html#CVE-2020-9495
Mailing List http://www.openwall.com/lists/oss-security/2020/06/19/1
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188...
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188...
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188...
https://lists.apache.org/thread.html/r7ae580f700ade57b00641a70a5c639a3ba576893bb...
Vendor Advisory http://archiva.apache.org/security.html#CVE-2020-9495
Mailing List http://www.openwall.com/lists/oss-security/2020/06/19/1
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188...
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188...
https://lists.apache.org/thread.html/r576eaabe3f772c045ec832a0200252494a2ce3f188...
https://lists.apache.org/thread.html/r7ae580f700ade57b00641a70a5c639a3ba576893bb...
41
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal