Severity
Medium
Analysis Summary
CVE-2023-25613
Apache Kerby could allow a remote attacker to conduct an LDAP injection, caused by a flaw in LdapIdentityBackend. By sending a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter.
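The class of flaw described above, shown as an added example that is not Apache Kerby's code: a search filter built by string concatenation beside one that escapes the value per RFC 4515. The attribute name `uid`, the class and method names, and the sample inputs are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;

public class LdapFilterEscape {

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    // Filter metacharacters, NUL and non-ASCII bytes become \XX hex escapes.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Weak pattern: caller-supplied text is concatenated into the filter as-is,
    // so filter syntax in the input becomes part of the filter.
    static String unsafeFilter(String attr, String name) {
        return "(" + attr + "=" + name + ")";
    }

    // Hardened pattern: the value is escaped, so it stays one assertion value.
    static String safeFilter(String attr, String name) {
        return "(" + attr + "=" + escapeFilterValue(name) + ")";
    }

    public static void main(String[] args) {
        String attr = "uid"; // hypothetical attribute name, not taken from Kerby
        String[] samples = { // constructed inputs
            "alice@EXAMPLE.COM",
            "*",
            "alice)(objectClass=*",
            "J\u00fcrgen@EXAMPLE.COM"
        };
        for (String s : samples) {
            System.out.println("input:  " + s);
            System.out.println("unsafe: " + unsafeFilter(attr, s));
            System.out.println("safe:   " + safeFilter(attr, s));
        }
    }
}
```

In the escaped output the wildcard and parentheses appear as `\2a`, `\28` and `\29`, so the directory server compares them as literal characters instead of parsing them as filter syntax.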
Impact
- Data Manipulation
Indicators Of Compromise
CVE
- CVE-2023-25613
Affected Vendors
Apache
Affected Products
- Apache Kerby 2.0.2
Remediation
Upgrade to the latest version of Apache Kerby, available from the Apache Website.