[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability
Jan 02 2016 02:32PM
Stefan Seelmann (seelmann apache org)
CVE-2015-5349: Apache Directory Studio command injection vulnerability
Vendor: The Apache Software Foundation
- Apache LDAP Studio 0.6.0 to 0.8.1
- Apache Directory Studio 1.0.0 to 2.0.0-M9
The CSV export didn't escape the fields properly. Malicious users can
put specially crafted values into the LDAP server. When a user exports
that data into CSV formatted file, and subsequently opens it with a
spreadsheet application, the data is interpreted as a formula and executed.
Users should upgrade to Apache Directory Studio 2.0.0-M10
This issue was discovered by Muhammad Shahmeer Amir.
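
An added example, not part of the advisory and not the Apache Directory Studio fix: a CSV exporter that neutralizes fields a spreadsheet would evaluate as formulas, using the commonly recommended apostrophe prefix. The function names and the sample entries are constructed for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (the set OWASP documents for CSV injection, including tab and CR).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize(value: str) -> str:
    """Prefix an apostrophe when a spreadsheet would evaluate the value,
    so the cell is shown as text instead of being computed."""
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def export_entries(entries, attributes):
    """Write directory entries (a list of dicts, hypothetical shape) as CSV
    text with every data field neutralized and quoted."""
    buf = io.StringIO()
    # QUOTE_ALL also keeps embedded commas, quotes and newlines inside a field.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(attributes)
    for entry in entries:
        writer.writerow([neutralize(entry.get(a, "")) for a in attributes])
    return buf.getvalue()


# Constructed sample data: the second entry holds formula-shaped values such
# as a directory user could store in their own attributes.
SAMPLE_ENTRIES = [
    {"cn": "Alice Example", "description": "staff, building 2",
     "telephoneNumber": "+1 555 0100"},
    {"cn": "=1+1", "description": "@SUM(A1:A2)", "telephoneNumber": "-42"},
]

if __name__ == "__main__":
    print(export_entries(SAMPLE_ENTRIES, ["cn", "description", "telephoneNumber"]))
```

Legitimate values that begin with a trigger character, such as the international phone number in the first entry, are prefixed as well; that is the cost of treating every directory value as untrusted at export time.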
Copyright 2010, SecurityFocus