Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0927

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-0927
Last Modified 07 Mar 2011 10:05:40
Published 14 Apr 2008 12:05:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0927

Summary

dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.

Vulnerable Systems

Application

  • Novell Edirectory 8.7.3.9

  • Novell Edirectory 8.8.2


References

XF - novell-edirectory-dhost-dos(41787)

VUPEN - ADV-2008-1217

SECTRACK - 1019836

BID - 28757

BUGTRAQ - 20080505 Novell eDirectory DoS via HTTP headers

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1

MILW0RM - 5547

SECUNIA - 29805


Last Updated: 27 May 2016 10:46:58