High severity7.5NVD Advisory· Published Jan 18, 2017· Updated May 13, 2026

CVE-2016-6497

Description

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvdPatch
svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.javanvdMailing ListThird Party Advisory
www.securityfocus.com/bid/95929nvdThird Party AdvisoryVDB Entry
mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e909-a8ed-1ab4-c853-4078c1e7624a%40stefan-seelmann.de%3EnvdMailing ListThird Party Advisory
www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdfnvdTechnical DescriptionThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000