Vulnerability CVE-2013-4485


Published: 2013-11-23

Description:
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
389-ds DoS due to improper handling
Vincent Danen
22.11.2013

Type:

CWE-20

(Improper Input Validation)

Vendor: Redhat
Product: Directory server 
Version:
8.2
8.1
8.0
7.1
Product: Enterprise linux 
Version: 6.0;
Vendor: Fedoraproject
Product: 389 directory server 
Version: 1.2.11.15;

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://rhn.redhat.com/errata/RHSA-2013-1752.html
http://rhn.redhat.com/errata/RHSA-2013-1753.html

Related CVE
CVE-2012-1114
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
CVE-2012-1115
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2019-14901
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary co...
CVE-2013-4410
ReviewBoard: has an access-control problem in REST API
CVE-2013-4235
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
CVE-2013-4411
Review Board: URL processing gives unauthorized users access to review lists
CVE-2012-4480
mom creates world-writable pid files in /var/run
CVE-2012-4428
openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Copyright 2019, cxsecurity.com

 

Back to Top