Description

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

Remediation

References

CVE-2014-9043

Related Vulnerabilities

WordPress Plugin Event List Cross-Site Scripting (0.7.9)

MySQL CVE-2022-21256 Vulnerability (CVE-2022-21256)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5501)

Drupal Core 7.x Cross-Site Scripting (7.0 - 7.69)

WordPress Plugin Great Restaurant Menu WP SQL Injection (1.4.1)

Severity

Medium

Classification

CVE-2014-9043 CWE-287

Tags

Missing Update Known Vulnerabilities