CVE-2012-5604 (ldap_fluff): CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind

December 4th, 2012

ADVISORIES

CVE-2012-5604 (NVD)
GHSA-9whh-582r-589h
OSVDB-90579

GEM

ldap_fluff

SEVERITY

CVSS v2.0: 5.0 (Medium)

PATCHED VERSIONS

>= 0.1.3

DESCRIPTION

The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.

RubySec

CVE-2012-5604 (ldap_fluff): CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

Recent Advisories