ID CVE-2008-0927
Summary dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
References
Vulnerable Configurations
  • cpe:2.3:a:novell:edirectory:*:*:*:*:*:*:*:*
    cpe:2.3:a:novell:edirectory:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows-nt:2000:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows-nt:2000:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows-nt:2003:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows-nt:2003:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 31-10-2018 - 19:16)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 28757
bugtraq 20080505 Novell eDirectory DoS via HTTP headers
confirm http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1
exploit-db 5547
sectrack 1019836
secunia 29805
vupen ADV-2008-1217
xf novell-edirectory-dhost-dos(41787)
Last major update 31-10-2018 - 19:16
Published 14-04-2008 - 16:05
Last modified 31-10-2018 - 19:16
Back to Top