====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN358
_____________________________________________________________________

DATE                : 24/06/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Archiva versions prior to
                                            2.2.5.

=====================================================================
http://mail-archives.apache.org/mod_mbox/archiva-users/202006.mbox/%3c2640261.krIbtSRUe9@golgafrichnam%3e
_____________________________________________________________________

CVE-2020-9495: Apache Archiva login service is vulnerable to LDAP injection

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:

    Apache Archiva all versions before 2.2.5

By providing special values to the archiva login form a attacker is able
to retrieve user attribute data from the
connected LDAP server.
With certain characters it is possible to modify the LDAP filter used to
query the users on the connected LDAP server.
By measuring the response time, arbitrary attribute data can be
retrieved from LDAP user objects.

Mitigation:

    Upgrade to Apache Archiva 2.2.5 or higher

References:
http://archiva.apache.org/security.html#CVE-2020-9495

The newest Archiva version can be downloaded from:
http://archiva.apache.org/download.cgi


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================