| ID |
CVE-2008-2930
|
| Summary |
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:fedora:directory_server:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fedora:directory_server:1.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:directory_server:7.1:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp1:*:*:*:*:*:*
-
cpe:2.3:a:redhat:directory_server:7.1:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp2:*:*:*:*:*:*
-
cpe:2.3:a:redhat:directory_server:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp3:*:*:*:*:*:*
-
cpe:2.3:a:redhat:directory_server:7.1:sp4:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp4:*:*:*:*:*:*
-
cpe:2.3:a:redhat:directory_server:7.1:sp5:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp5:*:*:*:*:*:*
-
cpe:2.3:a:redhat:directory_server:7.1:sp6:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp6:*:*:*:*:*:*
-
cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.1 (as of 29-09-2017 - 01:31) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
| oval
via4
|
| accepted | 2015-04-20T04:02:29.798-04:00 | | class | vulnerability | | contributors | | name | Michael Wood | | organization | Hewlett-Packard |
| name | Sushant Kumar Singh | | organization | Hewlett-Packard |
| name | Sushant Kumar Singh | | organization | Hewlett-Packard |
| name | Prashant Kumar | | organization | Hewlett-Packard |
| name | Mike Cokus | | organization | The MITRE Corporation |
| | description | Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem. | | family | unix | | id | oval:org.mitre.oval:def:6078 | | status | accepted | | submitted | 2008-09-02T12:41:14.000-04:00 | | title | HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS) | | version | 45 |
|
| redhat
via4
|
| advisories | | | rpms | - redhat-ds-0:7.1SP7-14.RHEL3
- redhat-ds-0:7.1SP7-14.RHEL4
- redhat-ds-admin-0:8.0.4-3.el4dsrv
- redhat-ds-admin-0:8.0.4-3.el5dsrv
- redhat-ds-admin-debuginfo-0:8.0.4-3.el4dsrv
- redhat-ds-admin-debuginfo-0:8.0.4-3.el5dsrv
- redhat-ds-base-0:8.0.4-7.el4dsrv
- redhat-ds-base-0:8.0.4-7.el5dsrv
- redhat-ds-base-debuginfo-0:8.0.4-7.el4dsrv
- redhat-ds-base-debuginfo-0:8.0.4-7.el5dsrv
- redhat-ds-base-devel-0:8.0.4-7.el4dsrv
- redhat-ds-base-devel-0:8.0.4-7.el5dsrv
- redhat-ds-base-0:8.0.4-7.el5dsrv
- redhat-ds-base-debuginfo-0:8.0.4-7.el5dsrv
- redhat-ds-base-devel-0:8.0.4-7.el5dsrv
|
|
| refmap
via4
|
| bid | 30871 | | confirm | | | fedora | - FEDORA-2008-7813
- FEDORA-2008-7891
| | hp | | | sectrack | 1020773 | | secunia | | | vupen | ADV-2008-2480 | | xf | rhds-ldapsearch-dos(44733) |
|
| Last major update |
29-09-2017 - 01:31 |
| Published |
29-08-2008 - 18:41 |
| Last modified |
29-09-2017 - 01:31 |
