Directory Server@7.1 Security Vulnerabilities and Issues — Directory Server@7.1 CVE List

Lucene search

RedhatDirectory Server7.1

10 matches found

CVE•added 2013/11/23 11:55 a.m.•61 views

CVE-2013-4485

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

4CVSS6AI score0.00422EPSS

CVE•added 2013/07/31 1:20 p.m.•58 views

CVE-2013-2219

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

4CVSS5.6AI score0.00173EPSS

CVE•added 2012/07/03 4:40 p.m.•56 views

CVE-2012-2678

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.

1.2CVSS6.6AI score0.00238EPSS

CVE•added 2008/08/29 6:41 p.m.•49 views

CVE-2008-2930

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.

7.1CVSS6.3AI score0.14648EPSS

CVE•added 2012/07/03 4:40 p.m.•47 views

CVE-2012-2746

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.

2.1CVSS6.2AI score0.00509EPSS

CVE•added 2008/05/12 4:20 p.m.•46 views

CVE-2008-1677

Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.

7.5CVSS7.8AI score0.02616EPSS

CVE•added 2008/08/29 6:41 p.m.•46 views

CVE-2008-2929

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject a...

4.3CVSS5.5AI score0.00627EPSS

CVE•added 2008/04/16 6:5 p.m.•45 views

CVE-2008-0892

The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

9CVSS7AI score0.03013EPSS

CVE•added 2008/08/29 6:41 p.m.•41 views

CVE-2008-2928

Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

10CVSS7.7AI score0.23548EPSS

CVE•added 2008/08/29 6:41 p.m.•37 views

CVE-2008-3283

Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP searc...

7.8CVSS6.4AI score0.07322EPSS