Vulnerabilities > Redhat > Directory Server > 7.1

DATE CVE VULNERABILITY TITLE RISK
2013-11-23 CVE-2013-4485 Improper Input Validation vulnerability in multiple products
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.
network
low complexity
redhat fedoraproject CWE-20
4.0
2013-07-31 CVE-2013-2219 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.
network
low complexity
fedoraproject redhat CWE-264
4.0
2012-07-03 CVE-2012-2746 Cryptographic Issues vulnerability in multiple products
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password.
network
high complexity
redhat fedoraproject CWE-310
2.1
2012-07-03 CVE-2012-2678 Cryptographic Issues vulnerability in multiple products
389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute.
local
high complexity
redhat fedoraproject CWE-310
1.2
2008-08-29 CVE-2008-3283 Resource Management Errors vulnerability in multiple products
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests.
network
low complexity
fedora redhat CWE-399
7.8
2008-08-29 CVE-2008-2930 Resource Management Errors vulnerability in multiple products
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.
7.1
2008-08-29 CVE-2008-2929 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
network
fedora redhat CWE-79
4.3
2008-08-29 CVE-2008-2928 Buffer Errors vulnerability in Redhat Directory Server 7.1
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.
network
low complexity
redhat CWE-119
critical
10.0
2008-05-12 CVE-2008-1677 Classic Buffer Overflow vulnerability in Redhat Directory Server and Fedora Directory Server
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.
network
low complexity
redhat CWE-120
7.5
2008-04-16 CVE-2008-0892 Improper Input Validation vulnerability in Redhat Directory Server and Fedora Directory Server
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
network
low complexity
redhat CWE-20
critical
9.0