Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
CVSS Score
6.5
EPSS Score
0.015
Published
2018-02-19
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-11-15
Page 2