CVE-2001-0974 - Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow rem

CVE-2001-0974

Summary

Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

References

http://www.cert.org/advisories/CA-2001-18.html
http://www.ciac.org/ciac/bulletins/l-116.shtml
http://www.kb.cert.org/vuls/id/869184
http://www.securityfocus.com/bid/3048
https://exchange.xforce.ibmcloud.com/vulnerabilities/6903

Vulnerable Configurations

cpe:2.3:a:oracle:internet_directory:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:internet_directory:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:internet_directory:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:internet_directory:3.0.1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-12-2017 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3048
cert	CA-2001-18
cert-vn	VU#869184
ciac	L-116
xf	oracle-ldap-protos-format-string(6903)

Last major update

19-12-2017 - 02:29

Published

17-07-2001 - 04:00

Last modified

19-12-2017 - 02:29