Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-2929
Last Modified 07 Mar 2011 10:09:57
Published 29 Aug 2008 02:41:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2929

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

Vulnerable Systems

Application

  • Fedora Directory Server

  • Red Hat Directory Server 7.1

  • Red Hat Directory Server 8.0


References

BID - 30870

CONFIRM - http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html

FEDORA - FEDORA-2008-7339

FEDORA - FEDORA-2008-7642

REDHAT - RHSA-2008:0601

REDHAT - RHSA-2008:0596

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=454621

XF - rhds-dsgw-dsae-xss(44737)

VUPEN - ADV-2008-2480

SECTRACK - 1020772

SECUNIA - 31777

SECUNIA - 31702

SECUNIA - 31612

SECUNIA - 31565

HP - SSRT080113

HP - HPSBUX02354


Last Updated: 27 May 2016 10:49:54