Lucene search

[email protected]NVD:CVE-2009-1384

HistoryMay 28, 2009 - 8:30 p.m.

CVE-2009-1384

2009-05-2820:30:00

CWE-287

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch5

redhatenterprise_linuxMatch5client

redhatenterprise_linuxMatch5client_workstation

redhatenterprise_linuxMatch5server

AND

eyriepam-krb5Match2.2.14

eyriepam-krb5Match2.3

eyriepam-krb5Match2.3.4

References

osvdb.org/54791

secunia.com/advisories/35230

secunia.com/advisories/43314

www.mandriva.com/security/advisories?name=MDVSA-2010:054

www.openwall.com/lists/oss-security/2009/05/27/1

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/35112

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vupen.com/english/advisories/2009/1448

bugzilla.redhat.com/show_bug.cgi?id=502602

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for NVD:CVE-2009-1384

redhat1 nessus11 openvas16 debiancve1 cve1 prion1 oraclelinux1 ubuntucve1 fedora3 cvelist1 vmware2