CVE-2013-4485

EPSS 0.42%
Published 23.11.2013 11:55:04
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Enterprise Linux Version6.0

Fedoraproject ≫ 389 Directory Server Version1.2.11.15

Redhat ≫ Directory Server Version <= 8.2

Redhat ≫ Directory Server Version7.1

Redhat ≫ Directory Server Version8.0

Redhat ≫ Directory Server Version8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.591

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2013-1752.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1753.html

Vendor Advisory

http://secunia.com/advisories/55765

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-4485

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4485

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4485

EUVD