SYM_JAVA_0095 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
When LDAP searches are configured to return serialized Java objects from untrusted or unsanitized input, attackers can manipulate the LDAP response to inject malicious objects. This exposes the application to dangerous deserialization or remote code execution risks.
Impact
An attacker could craft LDAP responses that allow them to execute arbitrary code on your server, potentially leading to full system compromise, data theft, or service disruption. This vulnerability can be exploited to gain unauthorized access or control over your application environment.