PT-2018-11784 · Apache · Apache Directory Ldap Api

Published: 2018-07-10 · Updated: 2020-08-24 · CVE-2018-1337

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API versions prior to 1.0.2

Description: A bug in the setup of the SSL Filter allows another thread to use a connection before the TLS layer is established, potentially leaking information, including credentials sent in a BIND request.

Recommendations: For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider disabling connection pooling to minimize the risk of exploitation. Restrict access to sensitive operations, such as BIND requests, until the issue is resolved.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2018-1337
GHSA-CFW5-V7CW-69CW

Affected products

Apache Directory Ldap Api