Jump to content

Risk of LDAP Injection


Recommended Posts

Question 1… are you using LDAP authentication?  

Based on your post history, it looks like you are running some sort of automated scanning service against your site.  A lot of the things you are describing/reporting sound like false positives. 

In order for IPS to help however, it needs a LOT more info. “CMS” is a rather large application. Simply saying there is a vulnerability somewhere in it is like saying someone is sick somewhere in the city of New York or London.  

What specific file?  Does it reference what code is problematic?  Under what circumstances can the exploit be triggered?  

I’m almost willing to bet what it is thinking is a vulnerability is actually not an issue and is either the scanner not understanding it or it is detecting a server configuration issue itself. 

Link to comment
Share on other sites

  • 2 weeks later...
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...