Lucene search

[email protected]NVD:CVE-2008-0926

HistoryMar 28, 2008 - 6:44 p.m.

CVE-2008-0926

2008-03-2818:44:00

CWE-287

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.346 Low

EPSS

Percentile

97.1%

JSON

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.

Affected configurations

NVD

Node

novelledirectoryRange≤8.7.3.10

novelledirectoryMatch8.5

novelledirectoryMatch8.5.12a

novelledirectoryMatch8.5.27

novelledirectoryMatch8.6.2

novelledirectoryMatch8.7

novelledirectoryMatch8.7.1

novelledirectoryMatch8.7.1sp1

novelledirectoryMatch8.7.3

novelledirectoryMatch8.7.3.8

novelledirectoryMatch8.7.3.8_presp9

novelledirectoryMatch8.7.3.9

novelledirectoryMatch8.8

References

secunia.com/advisories/29527

www.securityfocus.com/archive/1/491621/100/0/threaded

www.securityfocus.com/bid/28441

www.securitytracker.com/id?1019691

www.vupen.com/english/advisories/2008/0988/references

exchange.xforce.ibmcloud.com/vulnerabilities/41426

secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.346 Low

EPSS

Percentile

97.1%

JSON

Related for NVD:CVE-2008-0926

nessus2 seebug1 cve2 prion2 cvelist2 securityvulns1 nvd1