Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2013-1897
HistoryMay 13, 2013 - 11:55 p.m.

CVE-2013-1897

2013-05-1323:55:01
CWE-264
[email protected]
web.nvd.nist.gov
2

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.6%

JSON

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

Affected configurations

NVD
Node
fedoraproject389_directory_serverMatch1.2.1
OR
fedoraproject389_directory_serverMatch1.2.2
OR
fedoraproject389_directory_serverMatch1.2.3
OR
fedoraproject389_directory_serverMatch1.2.5
OR
fedoraproject389_directory_serverMatch1.2.5rc1
OR
fedoraproject389_directory_serverMatch1.2.5rc2
OR
fedoraproject389_directory_serverMatch1.2.5rc3
OR
fedoraproject389_directory_serverMatch1.2.5rc4
OR
fedoraproject389_directory_serverMatch1.2.6
OR
fedoraproject389_directory_serverMatch1.2.6a2
OR
fedoraproject389_directory_serverMatch1.2.6a3
OR
fedoraproject389_directory_serverMatch1.2.6a4
OR
fedoraproject389_directory_serverMatch1.2.6rc1
OR
fedoraproject389_directory_serverMatch1.2.6rc2
OR
fedoraproject389_directory_serverMatch1.2.6rc3
OR
fedoraproject389_directory_serverMatch1.2.6rc6
OR
fedoraproject389_directory_serverMatch1.2.6rc7
OR
fedoraproject389_directory_serverMatch1.2.6.1
OR
fedoraproject389_directory_serverMatch1.2.7alpha3
OR
fedoraproject389_directory_serverMatch1.2.7.5
OR
fedoraproject389_directory_serverMatch1.2.8alpha1
OR
fedoraproject389_directory_serverMatch1.2.8alpha2
OR
fedoraproject389_directory_serverMatch1.2.8alpha3
OR
fedoraproject389_directory_serverMatch1.2.8rc1
OR
fedoraproject389_directory_serverMatch1.2.8rc2
OR
fedoraproject389_directory_serverMatch1.2.8.1
OR
fedoraproject389_directory_serverMatch1.2.8.2
OR
fedoraproject389_directory_serverMatch1.2.8.3
OR
fedoraproject389_directory_serverMatch1.2.9.9
OR
fedoraproject389_directory_serverMatch1.2.10
OR
fedoraproject389_directory_serverMatch1.2.10alpha8
OR
fedoraproject389_directory_serverMatch1.2.10rc1
OR
fedoraproject389_directory_serverMatch1.2.10.2
OR
fedoraproject389_directory_serverMatch1.2.10.3
OR
fedoraproject389_directory_serverMatch1.2.10.4
OR
fedoraproject389_directory_serverMatch1.2.10.11
OR
fedoraproject389_directory_serverMatch1.2.11.1
OR
fedoraproject389_directory_serverMatch1.2.11.5
OR
fedoraproject389_directory_serverMatch1.2.11.6
OR
fedoraproject389_directory_serverMatch1.2.11.8
OR
fedoraproject389_directory_serverMatch1.2.11.9
OR
fedoraproject389_directory_serverMatch1.2.11.10
OR
fedoraproject389_directory_serverMatch1.2.11.11
OR
fedoraproject389_directory_serverMatch1.2.11.12
OR
fedoraproject389_directory_serverMatch1.2.11.13
OR
fedoraproject389_directory_serverMatch1.2.11.14
OR
fedoraproject389_directory_serverMatch1.2.11.15
OR
fedoraproject389_directory_serverMatch1.2.11.17
OR
fedoraproject389_directory_serverMatch1.2.11.19
Node
fedoraproject389_directory_serverMatch1.3.0.2
OR
fedoraproject389_directory_serverMatch1.3.0.3
OR
fedoraproject389_directory_serverMatch1.3.0.4

Related

amazon 1
openvas 12
altlinux 1
oraclelinux 1
ubuntucve 1
veracode 1
centos 1
nessus 8
prion 1
cve 1
redhat 1
debiancve 1
cvelist 1
fedora 3
amazon
amazon
Low: 389-ds-base
2013-04-18 15:39:00
openvas
openvas
RedHat Update for 389-ds-base RHSA-2013:0742-01
2013-04-19 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-184)
2015-09-08 00:00:00
CentOS Update for 389-ds-base CESA-2013:0742 centos6
2013-04-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package freeipa version 3.1.99-3
2013-04-02 00:00:00
oraclelinux
oraclelinux
389-ds-base security and bug fix update
2013-04-15 00:00:00
ubuntucve
ubuntucve
CVE-2013-1897
2013-05-13 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 08:51:48
centos
centos
389 security update
2013-04-16 11:10:18
nessus
nessus
RHEL 6 : 389-ds-base (RHSA-2013:0742)
2013-04-16 00:00:00
CentOS 6 : 389-ds-base (CESA-2013:0742)
2013-04-17 00:00:00
Amazon Linux AMI : 389-ds-base (ALAS-2013-184)
2013-09-04 00:00:00
prion
prion
Information disclosure
2013-05-13 23:55:00
cve
cve
CVE-2013-1897
2013-05-13 23:55:01
redhat
redhat
(RHSA-2013:0742) Low: 389-ds-base security and bug fix update
2013-04-15 00:00:00
debiancve
debiancve
CVE-2013-1897
2013-05-13 23:55:01
cvelist
cvelist
CVE-2013-1897
2013-05-13 23:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: 389-ds-base-1.3.0.5-1.fc18
2013-04-03 04:32:01
[SECURITY] Fedora 17 Update: 389-ds-base-1.2.11.21-1.fc17
2013-06-13 06:11:57
[SECURITY] Fedora 18 Update: freeipa-3.1.3-4.fc18
2013-04-11 10:07:12

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.6%

JSON
Related for NVD:CVE-2013-1897
amazon1openvas12altlinux1oraclelinux1ubuntucve1veracode1centos1nessus8prion1cve1redhat1debiancve1cvelist1fedora3