Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8105

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-8105
Last Modified 06 Apr 2015 09:59:50
Published 10 Mar 2015 10:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8105

Summary

389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.

Vulnerable Systems

Application

  • Fedoraproject 389 Directory Server 1.3.2.26

  • Fedoraproject 389 Directory Server 1.3.3.0

  • Fedoraproject 389 Directory Server 1.3.3.2

  • Fedoraproject 389 Directory Server 1.3.3.3

  • Fedoraproject 389 Directory Server 1.3.3.5

  • Fedoraproject 389 Directory Server 1.3.3.8


References

REDHAT - RHSA-2015:0628

REDHAT - RHSA-2015:0416

CONFIRM - http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html

CONFIRM - http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html

FEDORA - FEDORA-2015-3368


Last Updated: 27 May 2016 11:08:02