[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2013-1897Date: (C)2013-05-14   (M)2018-05-10


The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 2.6
Exploit Score: Exploit Score: 4.9
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: HIGH
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: NONE
Confidentiality: Availability: NONE
Integrity:  
Availability:  
  
Reference:
FEDORA-2013-4578
RHSA-2013:0742
https://bugzilla.redhat.com/show_bug.cgi?id=928105
https://fedorahosted.org/389/ticket/47308
https://fedorahosted.org/freeipa/ticket/3540
https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286

CPE    52
cpe:/a:fedoraproject:389_directory_server:1.3.0.4
cpe:/a:fedoraproject:389_directory_server:1.3.0.2
cpe:/a:fedoraproject:389_directory_server:1.3.0.3
cpe:/a:fedoraproject:389_directory_server:1.2.10
...
CWE    1
CWE-264
OVAL    7
oval:org.secpod.oval:def:501040
oval:org.secpod.oval:def:104796
oval:org.secpod.oval:def:104837
oval:org.secpod.oval:def:105139
...

© SecPod Technologies