Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository
Summary
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue. Affected product named by the advisory: Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16.
What this means
In plain English
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue. Affected product named by the advisory: Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16.
Recommended action
Primary action: update to a vendor-listed fixed release: 4.2.1, 4.1.6, 3.6.11.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- Apache CXF 4.2.0 before 4.2.1
- Apache CXF 4.0.0 before 4.1.6
- Apache CXF before 3.6.11
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
- 4.2.1
- 4.1.6
- 3.6.11
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Mitigation
Upgrade to a fixed release: 4.2.1, 4.1.6, 3.6.11. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · medium-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.