Page 3 of 37 results (0.015 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

05 Mar 2015 — 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. 389 Directory Server anterior a 1.3.2.27 y 1.3.3.x anterior a 1.3.3.9 no restringe correctamente acceso al subárbol LDAP 'cn=changelog', lo que permite a atacantes remotos obtener información sensible del registro de cambios (changelog) a través de vectores no especifica... • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 44EXPL: 0

05 Mar 2015 — 389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores "unhashed" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog. 389 Directory Server 1.3.1.x, 1.3.2.x anterior a 1.3.2.27, y 1.3.3.x anterior a 1.3.3.9 almacena contraseñas sin estar en hash incluso cuando la opción nsslapd-unhashed-pw-switch está configurado como apagado (off), lo que permite a usuarios... • http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0

08 Aug 2014 — Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Red Hat Directory Server 8 y 389 Directory Server, cuando depuración está habilitada, permite a atacantes remotos obtener metadatos replicados sensibles mediante la búsqueda del directorio. It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configurati... • http://rhn.redhat.com/errata/RHSA-2014-1031.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1

14 Mar 2014 — The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind. La funcionalidad de autenticación SASL en 389 Directory Server anterior a 1.2.11.26 permite a usuarios remotos autenticados conectar como un usuario arbitrario y ganar privilegios a través del parámetro authzid en un SASL/GSSAPI bind. The 389 Directory Server is an LDAPv3 compliant server. The bas... • http://rhn.redhat.com/errata/RHSA-2014-0292.html • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

21 Nov 2013 — 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request. 389 Directory Server 1.2.11.15 (también conocido como Red Hat Directory Server anterior a la versión 8.2.11-14) permite a usuarios remotos autenticados provocar una denegación de servicio (caída) a través de múltiples caracteres @ en una lista de atributo GER de una petición de búsqueda. Th... • http://rhn.redhat.com/errata/RHSA-2013-1752.html • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

29 Aug 2013 — ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. ns-slapd en 389 Directory Server anterior a v1.3.0.8 permite a atacantes remotos provocar una denegación de servicio (caída del servidor) a través de un Distinguished Name (DN) manipulado en una operación de petición MOD. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory ... • http://directory.fedoraproject.org/wiki/Releases/1.3.0.8 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0

13 May 2013 — The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. La función do_search function en ldap/servers/slapd/search.c en 389 Directory Server 1.2.x anteior a 1.2.11.20 y 1.3.x ant... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

13 Mar 2013 — 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. 389 Directory Server anterior a v1.3.0.4 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una secuencia de control de longitud cero LDAP. • http://directory.fedoraproject.org/wiki/Releases/1.3.0.4 • CWE-189: Numeric Errors •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

01 Oct 2012 — 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. 389 Directory Server v1.2.10 no actualiza correctamente las ACL cuando una entrada DN es movida por una operación modrdn, lo que permite a usuarios autenticados con ciertos permisos, evitar restricciones ACL y de acceso a entrada DN. • http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 1

03 Jul 2012 — The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. La funcion acllas__handle_group_entry en servers/plugins/acl/acllas.c en 389 Directory Server anterior a v1.2.10 no maneja adecuadamente las instruccio... • http://rhn.redhat.com/errata/RHSA-2012-0813.html • CWE-264: Permissions, Privileges, and Access Controls •