CVE-2020-9495

MEDIUM

Apache Archiva < 2.2.5 - LDAP Injection via Login Form

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-9495. PoCs published by ggolawski.

AI-analyzed exploit summary This repository contains a functional Python script that demonstrates an LDAP injection vulnerability in Apache Archiva (CVE-2020-9495). The PoC exploits timing differences to enumerate users and exfiltrate LDAP attribute values via crafted login requests.

Description

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.

Exploits (1)

nomisec WORKING POC 8 stars
by ggolawski · poc
https://github.com/ggolawski/CVE-2020-9495

This repository contains a functional Python script that demonstrates an LDAP injection vulnerability in Apache Archiva (CVE-2020-9495). The PoC exploits timing differences to enumerate users and exfiltrate LDAP attribute values via crafted login requests.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Apache Archiva < 2.2.5
No auth needed
Prerequisites: Access to Archiva login endpoint · LDAP integration enabled on target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/06/19/1

Scores

CVSS v3 5.3
EPSS 0.0800
EPSS Percentile 94.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-74
Status published
Products (2)
apache/archiva < 2.2.5
org.apache.archiva/archiva 0 - 2.2.5Maven
Published Jun 19, 2020
Tracked Since Feb 18, 2026