CVE-2017-14596

CRITICAL

Description

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

References

http://www.securityfocus.com/bid/100898

http://www.securitytracker.com/id/1039407

https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/

https://developer.joomla.org/security-centre/711-20170902-core-ldap-information-disclosure

Details

Source: MITRE

Published: 2017-09-20

Updated: 2017-09-27

Type: CWE-90

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:joomla:joomla\!:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.9:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.10:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.11:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.12:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.13:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.14:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.15:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.16:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.17:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.18:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.19:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.20:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.21:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.22:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.23:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.24:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.25:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.5.26:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.6.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.7.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.8:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.9:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.10:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.11:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.12:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.13:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.14:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.15:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.16:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.17:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.18:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.19:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.20:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.21:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.22:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.23:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.24:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.25:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.26:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.27:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:2.5.28:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.7:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.4.8:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.5.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.6.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.6.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.6.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.6.5:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.7.0:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.7.2:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.7.3:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.7.4:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:3.7.5:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 98475 | Joomla! 1.5.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98474 | Joomla! 1.6.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98473 | Joomla! 1.7.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98472 | Joomla! 2.5.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98471 | Joomla! 3.0.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98470 | Joomla! 3.1.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98469 | Joomla! 3.2.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98468 | Joomla! 3.3.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98467 | Joomla! 3.4.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98466 | Joomla! 3.5.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98465 | Joomla! 3.6.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98464 | Joomla! 3.7.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98463 | Joomla! 3.8.x < 3.8.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98462 | Joomla! 1.5.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98461 | Joomla! 1.6.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98460 | Joomla! 1.7.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98459 | Joomla! 2.5.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98458 | Joomla! 3.0.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98457 | Joomla! 3.1.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98456 | Joomla! 3.2.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98455 | Joomla! 3.3.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98454 | Joomla! 3.4.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98453 | Joomla! 3.5.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98452 | Joomla! 3.6.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 98451 | Joomla! 3.7.x < 3.8.0 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | critical |
| 104478 | Joomla! 1.5.0 < 3.8.2 Multiple Vulnerabilities | Nessus | CGI abuses | critical |
| 103383 | Joomla! 1.5.0 < 3.8.0 Multiple Vulnerabilities | Nessus | CGI abuses | critical |