Server side request forgery (ssrf)

2018-06-2213:29:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.3%

JSON

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

CPENameOperatorVersion
389_directory_serverge1.3.5.0
389_directory_serverlt1.3.5.17
389_directory_serverge1.3.6.0
389_directory_serverlt1.3.6.10
enterprise_linux_desktopeq7.0
enterprise_linux_desktopeq6.0
enterprise_linux_servereq7.0
enterprise_linux_servereq6.0
enterprise_linux_workstationeq7.0
enterprise_linux_workstationeq6.0

Name	Operator	Version
389_directory_server	ge	1.3.5.0
389_directory_server	lt	1.3.5.17
389_directory_server	ge	1.3.6.0
389_directory_server	lt	1.3.6.10
enterprise_linux_desktop	eq	7.0
enterprise_linux_desktop	eq	6.0
enterprise_linux_server	eq	7.0
enterprise_linux_server	eq	6.0
enterprise_linux_workstation	eq	7.0
enterprise_linux_workstation	eq	6.0