Fedoraproject

389 Directory Server

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2015-3230

  • EPSS 0.61%
  • Veröffentlicht 29.10.2015 20:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

4

CVE-2014-8112

  • EPSS 0.31%
  • Veröffentlicht 10.03.2015 14:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by re...

5

CVE-2014-8105

  • EPSS 0.46%
  • Veröffentlicht 10.03.2015 14:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

5

CVE-2014-3562

  • EPSS 0.31%
  • Veröffentlicht 21.08.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

6.5

CVE-2014-0132

Exploit
  • EPSS 0.57%
  • Veröffentlicht 18.03.2014 17:02:53
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

4

CVE-2013-4485

  • EPSS 0.42%
  • Veröffentlicht 23.11.2013 11:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

5

CVE-2013-4283

  • EPSS 0.76%
  • Veröffentlicht 10.09.2013 19:55:11
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.

4

CVE-2013-2219

  • EPSS 0.17%
  • Veröffentlicht 31.07.2013 13:20:25
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

2.6

CVE-2013-1897

  • EPSS 0.41%
  • Veröffentlicht 13.05.2013 23:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the...

5

CVE-2013-0312

  • EPSS 1.38%
  • Veröffentlicht 13.03.2013 20:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.