389 Directory Server Security Vulnerabilities and Issues — 389 Directory Server CVE List

Lucene search

Fedoraproject389 Directory Server

3 matches found

CVE•added 2015/03/10 2:59 p.m.•57 views

CVE-2014-8105

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

5CVSS6AI score0.00435EPSS

CVE•added 2015/03/10 2:59 p.m.•57 views

CVE-2014-8112

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.

4CVSS5.6AI score0.00266EPSS

CVE•added 2015/10/29 8:59 p.m.•54 views

CVE-2015-3230

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

7.5CVSS6.8AI score0.00606EPSS