CVE-2016-8750: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

January 7, 2019 (updated September 9, 2021)

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

References

github.com/advisories/GHSA-chj8-5xgw-wcvj
karaf.apache.org/security/cve-2016-8750.txt
nvd.nist.gov/vuln/detail/CVE-2016-8750

Code Behaviors & Features

Detect and mitigate CVE-2016-8750 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →