Description
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
Remediation
References
http://www.securityfocus.com/bid/103098
https://access.redhat.com/errata/RHSA-2018:1322
https://karaf.apache.org/security/cve-2016-8750.txt
Related Vulnerabilities
CVE-2021-43788 Vulnerability in npm package nodebb
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer
CVE-2018-11762 Vulnerability in maven package org.apache.tika:tika-app
CVE-2019-10447 Vulnerability in maven package io.jenkins.plugins:sofy-ai
CVE-2019-16776 Vulnerability in maven package org.webjars.bower:npm