LDAP Entry Poisoning Vulnerability in Groovy LDAP API

CVE-2016-6497 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

Learn more about our Cis Benchmark Audit For Apache Http Server.