What is CVE-2016-6497?

CVE-2016-6497 is a LDAP entry poisoning vulnerability in the Groovy LDAP API in Apache, which allows a remote attacker to execute arbitrary code on the system.

What is the severity of CVE-2016-6497?

The severity of CVE-2016-6497 is high, with a severity value of 7.5.

How can an attacker exploit CVE-2016-6497?

An attacker can exploit CVE-2016-6497 by leveraging the setting returnObjFlag to true for all search methods in the LDAP.java file.

Who is affected by CVE-2016-6497?

IBM GDE version 3.0.0.2 and Apache Groovy LDAP are affected by CVE-2016-6497.

How to fix CVE-2016-6497?

Update the Groovy LDAP API in Apache to the latest version and apply any patches provided by the vendor.

Vulnerability/
CVE-2016-6497

high

7.5

CWE

254

18/1/2017

6/8/2024

CVE-2016-6497

First published: Wed Jan 18 2017(Updated: )

Apache could allow a remote attacker to execute arbitrary code on the system, caused by a LDAP entry poisoning vulnerability in main/java/org/apache/directory/groovyldap/LDAP.java. By leveraging setting returnObjFlag to true for all search methods, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
IBM GDE	<=3.0.0.2
Apache Groovy Ldap

Remedy

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6320835

Frequently Asked Questions

What is CVE-2016-6497?
CVE-2016-6497 is a LDAP entry poisoning vulnerability in the Groovy LDAP API in Apache, which allows a remote attacker to execute arbitrary code on the system.
What is the severity of CVE-2016-6497?
The severity of CVE-2016-6497 is high, with a severity value of 7.5.
How can an attacker exploit CVE-2016-6497?
An attacker can exploit CVE-2016-6497 by leveraging the setting returnObjFlag to true for all search methods in the LDAP.java file.
Who is affected by CVE-2016-6497?
IBM GDE version 3.0.0.2 and Apache Groovy LDAP are affected by CVE-2016-6497.
How to fix CVE-2016-6497?
Update the Groovy LDAP API in Apache to the latest version and apply any patches provided by the vendor.

agent/type
agent/last-modified-date
agent/first-publish-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/severity
agent/references
agent/weakness
agent/remedy
agent/author
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm gde
version/ibm gde/3.0.0.2
vendor/apache
canonical/apache groovy ldap

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.