Vulnerabilities > Fedoraproject > 389 Directory Server > 1.2.11.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-05-13 | CVE-2013-1897 | Permissions, Privileges, and Access Controls vulnerability in Fedoraproject 389 Directory Server The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. | 2.6 |
2013-03-13 | CVE-2013-0312 | Numeric Errors vulnerability in Fedoraproject 389 Directory Server 389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence. | 5.0 |