CVE-2018-12469 - Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterp

CVE-2018-12469

Summary

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.

References

https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29624/enterprise-server-security-fix-october-2018

Vulnerable Configurations

cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:2.3:update1:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:2.3:update1:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:2.3:update2:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:2.3:update2:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:4.0:update1:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:4.0:update1:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:2.3:update1:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:2.3:update1:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:2.3:update2:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:2.3:update2:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:4.0:update1:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:4.0:update1:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-10-2019 - 23:33)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm

https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29624/enterprise-server-security-fix-october-2018

Last major update

09-10-2019 - 23:33

Published

12-10-2018 - 13:29

Last modified

09-10-2019 - 23:33