CVSS: 7.5EPSS: 0%CPEs: 65EXPL: 0CVE-2014-3562 – 389-ds: unauthenticated information disclosure
https://notcve.org/view.php?id=CVE-2014-3562
08 Aug 2014 — Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. Red Hat Directory Server 8 y 389 Directory Server, cuando depuración está habilitada, permite a atacantes remotos obtener metadatos replicados sensibles mediante la búsqueda del directorio. It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configurati... • http://rhn.redhat.com/errata/RHSA-2014-1031.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2013-4283 – 389-ds-base: ns-slapd crash due to bogus DN
https://notcve.org/view.php?id=CVE-2013-4283
29 Aug 2013 — ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request. ns-slapd en 389 Directory Server anterior a v1.3.0.8 permite a atacantes remotos provocar una denegación de servicio (caída del servidor) a través de un Distinguished Name (DN) manipulado en una operación de petición MOD. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory ... • http://directory.fedoraproject.org/wiki/Releases/1.3.0.8 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2013-1897 – 389-ds: unintended information exposure when rootdse is enabled
https://notcve.org/view.php?id=CVE-2013-1897
13 May 2013 — The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. La función do_search function en ldap/servers/slapd/search.c en 389 Directory Server 1.2.x anteior a 1.2.11.20 y 1.3.x ant... • http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101323.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2013-0312 – 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
https://notcve.org/view.php?id=CVE-2013-0312
13 Mar 2013 — 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. 389 Directory Server anterior a v1.3.0.4 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una secuencia de control de longitud cero LDAP. • http://directory.fedoraproject.org/wiki/Releases/1.3.0.4 • CWE-189: Numeric Errors •