Lucene search

RedhatVULNRICHMENT:CVE-2024-6237

HistoryJul 09, 2024 - 4:39 p.m.

CVE-2024-6237 389-ds-base: unauthenticated user can trigger a dos by sending a specific extended search request

2024-07-0916:39:58

CWE-230

redhat

github.com

cve-2024-6237

389 directory server

unauthenticated user

systematic server crash

extended search request

denial of service

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

31.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.

References

access.redhat.com/errata/RHSA-2024:4997

access.redhat.com/errata/RHSA-2024:5192

access.redhat.com/security/cve/CVE-2024-6237

bugzilla.redhat.com/show_bug.cgi?id=2293579

github.com/389ds/389-ds-base/issues/5989

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

31.0%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-6237