CVE-2014-0097 is a vulnerability in VMware Spring Security
Published on May 25, 2017

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

NVD

Products Associated with CVE-2014-0097

Want to know whenever a new CVE is published for VMware Spring Security? stack.watch will email you.

VMware Spring Security

Affected Versions

Pivotal Spring Security:

Version 3.2.0 to 3.2.1 is affected.
Version 3.1.0 to 3.1.5 is affected.

Exploit Probability

EPSS

0.31%

Percentile

54.17%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-0097 is a vulnerability in VMware Spring SecurityPublished on May 25, 2017

Products Associated with CVE-2014-0097

Affected Versions

Exploit Probability

CVE-2014-0097 is a vulnerability in VMware Spring Security
Published on May 25, 2017