Information Leakage

2019-01-1509:14:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

71.6%

JSON

389 Directory Server is vulnerable to an information disclosure. It is possible because a user with no access to objects in certain LDAP sub-tree is not restricted to not to send LDAP ADD operations with a specific object name, resulting in differnt error message returned to the user based on whether the target object existed or not.

CPENameOperatorVersion
389-ds-baseeq1.2.11.15__14.el6_4
389-ds-baseeq1.2.11.15__30.el6_5
389-ds-baseeq1.2.11.15__31.el6_5
389-ds-baseeq1.2.11.15__46.el6
389-ds-baseeq1.2.11.15__62.el6_7
389-ds-baseeq1.2.11.15__72.el6_7
389-ds-baseeq1.2.11.15__50.el6_6
389-ds-baseeq1.2.11.15__48.el6_6
389-ds-baseeq1.2.10.2__18.el6_3
389-ds-baseeq1.2.11.15__60.el6

Name	Operator	Version
389-ds-base	eq	1.2.11.15__14.el6_4
389-ds-base	eq	1.2.11.15__30.el6_5
389-ds-base	eq	1.2.11.15__31.el6_5
389-ds-base	eq	1.2.11.15__46.el6
389-ds-base	eq	1.2.11.15__62.el6_7
389-ds-base	eq	1.2.11.15__72.el6_7
389-ds-base	eq	1.2.11.15__50.el6_6
389-ds-base	eq	1.2.11.15__48.el6_6
389-ds-base	eq	1.2.10.2__18.el6_3
389-ds-base	eq	1.2.11.15__60.el6