Vulnerability CVE-2014-3562


Published: 2014-08-21

Description:
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

Type:

CWE-200

(Information Exposure)

Vendor: Redhat
Product: Directory server 
Version: 8.0;
Product: Enterprise linux 
Version: 7.0; 6.0;
Vendor: Fedoraproject
Product: 389 directory server 
Version:
1.3.0.8
1.3.0.7
1.3.0.6
1.3.0.5
1.3.0.4
1.3.0.3
1.3.0.2
1.2.9.9
1.2.8.3
1.2.8.2
1.2.8.1
1.2.8
1.2.7.5
1.2.7
1.2.6.1
1.2.6
1.2.5
1.2.3
1.2.2
1.2.11.9
1.2.11.8
1.2.11.6
1.2.11.5
1.2.11.26
1.2.11.25
1.2.11.23
1.2.11.22
1.2.11.21
1.2.11.20
1.2.11.19
1.2.11.17
1.2.11.15
1.2.11.14
1.2.11.13
1.2.11.12
1.2.11.11
1.2.11.10
1.2.11.1
1.2.10.4
1.2.10.3
1.2.10.2
1.2.10.11
1.2.10
1.2.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://rhn.redhat.com/errata/RHSA-2014-1031.html
http://rhn.redhat.com/errata/RHSA-2014-1032.html
https://bugzilla.redhat.com/show_bug.cgi?id=1123477

Related CVE
CVE-2012-1114
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.
CVE-2012-1115
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2019-14901
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary co...
CVE-2013-4410
ReviewBoard: has an access-control problem in REST API
CVE-2013-4235
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
CVE-2013-4411
Review Board: URL processing gives unauthorized users access to review lists
CVE-2012-4480
mom creates world-writable pid files in /var/run
CVE-2012-4428
openslp: SLPIntersectStringList()' Function has a DoS vulnerability

Copyright 2019, cxsecurity.com

 

Back to Top