FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

Exploit
CVE-2017-14596

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CWE-90)

Published: Sep 20, 2017 / Updated: 87mo ago

010
No CVSS yetEPSS 1.04%
CVE info copied to clipboard

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Timeline

First Article

Feedly found the first article mentioning CVE-2017-14596. See article

Sep 19, 2017 at 2:03 PM / developer.joomla.org
EPSS

EPSS Score was set to: 1.04% (Percentile: 82.3%)

Nov 29, 2023 at 9:07 AM
Static CVE Timeline Graph

Affected Systems

Joomla/joomla\!
+null more

Exploits

https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/
+null more

Patches

developer.joomla.org
+null more

Attack Patterns

CAPEC-136: LDAP Injection
+null more

References

Security in Joomla! 5.x • Re: Login Bypass via LDAP Injection vulnerability detected
Joomla! Forum - community, help and support / 3mo
It sounds like a false positive. Did the security team not provide any details how this far-fetched vulnerability was found? CWE-90 is generic, not language-specific and Joomla is not mentioned. It was first reported in July 2006, a few weeks before Joomla 1.0.10 was released. On the other hand, an LDAP vulnerability was reported on July 27, 2017, affecting Joomla versions from 1.5.0 to 3.7.5. Joomla 3.8.0 was released on September 19, 2017. Ref. 1 CVE-2017-14596 Ref. 2 Security Announcements - [20170902] - Core - LDAP Information Disclosure Statistics: Posted by toivo — Mon Jul 29, 2024 10:10 pm

News

Security in Joomla! 5.x • Re: Login Bypass via LDAP Injection vulnerability detected
Joomla! Forum - community, help and support / 3mo
It sounds like a false positive. Did the security team not provide any details how this far-fetched vulnerability was found? CWE-90 is generic, not language-specific and Joomla is not mentioned. It was first reported in July 2006, a few weeks before Joomla 1.0.10 was released. On the other hand, an LDAP vulnerability was reported on July 27, 2017, affecting Joomla versions from 1.5.0 to 3.7.5. Joomla 3.8.0 was released on September 19, 2017. Ref. 1 CVE-2017-14596 Ref. 2 Security Announcements - [20170902] - Core - LDAP Information Disclosure Statistics: Posted by toivo — Mon Jul 29, 2024 10:10 pm
Update Sat May 18 18:06:54 UTC 2024
Recent Commits to cve:main / 6mo
Update Sat May 18 18:06:54 UTC 2024
Update Wed Apr 3 18:03:53 UTC 2024
Recent Commits to cve:main / 7mo
Update Wed Apr 3 18:03:53 UTC 2024
Release Notes for Joomla | Synology Inc.
Google Alert - "transport av utsläpp" OR "nära informerad" OR "insats elektrifiera" OR "prestanda elektrokemisk" OR "mikrobiologiskt påverkad" OR "uppfyllande partners" OR "mazda2 halvkombi" OR "furebear konstruktion" OR "mg suvar" OR "fotoelektrisk omvandling" OR "produktion xv3300" OR "effektiv process" OR "städer skapar" OR "raffinering kemikalie" OR "pickup kropp" OR "version xceed" OR cfd-simuleringar OR "hastighet elbilar" OR "bilar cyklist" OR "hotell växer" OR utombordsmotorer OR raja OR lotsade OR "sjukdomar endokrina" OR "hotell krim" OR "tyska ev" OR "situationer i elnätet" OR ultrabattery OR "tesla kostar" OR "bugatti rimac" OR "upplev azul" OR cherokee-fallet OR krafthem OR "exempel pixometer" OR "specifikt solceller" OR kraftfördelare OR "lita på fordon" OR "russell grupp" OR tiac-komponenter OR "övervaka elektriska" OR deponier OR lastdata OR "inklusive amiralitet;" OR "olja hållbar" OR "fördelar med övervakning" OR "varumärke mahindra" OR "varningar energi" OR "aida… / 15mo
If Apache HTTP Server 2.4, MariaDB 10, PHP 8.0, and Web Station were not installed, the system will automatically install them after the update to ensure package functionality. If Apache HTTP Server 2.4, MariaDB 10, PHP 8.0, and Web Station were not installed, the system will automatically install them after the update to ensure package functionality.
Release Notes for Joomla | Synology Inc.
Google Alert - "model latający" OR "Kompatybilny z automatycznym ładowaniem" OR "Adapter EV" OR "Rura kanalizacyjna" OR "Drony zaspokajają potrzeby" OR "panele montowane" OR "włącza ładowarkę" OR "kontroler drona" OR "odporny panel" OR "roje płyn" OR "quadcopters pozwalający" OR "Komunikacja bezprzewodowa" OR "płaska bateria" OR "ponadczasowa zabawka" OR "systemy dronów" OR "Osłona Lotnicza Obrony Powietrznej" OR "NLP obejmują" OR "Trafność Dron" OR "Technologia Vault" OR "Przetwarzanie NLP" OR "Airsentiel AI" OR "miny lądowe" OR "drogi transformator" OR "Trasy przestrzeni powietrznej" OR "Obliczanie samochodu" OR Podłączyć OR "Loty Nokia" OR "Handel dronami" OR "Moc PMAX" OR Airhub OR "Priorytet ładowania" OR "S120 Panel słoneczny" OR "Sztuka wideograficzna" OR "Wdrożenie bezzałogowe" OR "Narzędzie Dronetag" OR "Cena Mavic" OR "Oferta dronów" OR "Cechy skrzydlate" OR "Drone chcą" OR "DJI Komórka" OR "w zestawie energia słoneczna" OR "W USB" OR "Zapewnij UAV" OR "Autobusy zmniejszają" / 16mo
If Apache HTTP Server 2.4, MariaDB 10, PHP 8.0, and Web Station were not installed, the system will automatically install them after the update to ensure package functionality. If Apache 2.4, MariaDB 10, PHP 8.0, and Web Station were not installed, the system will automatically install it after the update to ensure package functionality.
See 3 more articles and social media posts

CVSS V3.1

Unknown

Categories

CWE-90(33)Joomla(470)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial