Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.1 views

SUSE CVE-2019-3883

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during...

5.3CVSS6.9AI score0.08426EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/12/10 12:0 a.m.28 views

EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2019-2369)

According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different retu...

9.8CVSS6.6AI score0.08426EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2019/11/05 9:17 p.m.8 views

389-ds-base: DoS via hanging secured connections

It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...

7.5CVSS5.7AI score0.08426EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/07/29 3:37 p.m.5 views

389-ds-base: DoS via hanging secured connections

It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service...

7.5CVSS5.7AI score0.08426EPSS
Exploits0References4
OSV
OSV
added 2019/04/17 2:29 p.m.2 views

UBUNTU-CVE-2019-3883

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during...

7.5CVSS6.3AI score0.08426EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.2 views

PT-2019-16752 · Red Hat +4 · 389-Ds-Base +5

Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.4.1.2 and earlier Description: The issue allows an unauthenticated attacker to create hanging LDAP requests, potentially hanging all worker threads and resulting in a Denial of Service. This occurs because connections...

7.8CVSS6.5AI score0.08426EPSS
Exploits4References84
Rows per page
Query Builder