Lucene search
HistoryNov 04, 2009 - 6:30 p.m.
CVE-2009-3862
novell
edirectory
ldap
search request
dos
cve-2009-3862
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.6 Medium
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.1%
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.
Affected configurations
Node
novelledirectoryMatch8.7.3
ORnovelledirectoryMatch8.7.3sp2windows
ORnovelledirectoryMatch8.7.3sp3windows
ORnovelledirectoryMatch8.7.3sp4windows
ORnovelledirectoryMatch8.7.3sp5windows
ORnovelledirectoryMatch8.7.3sp6windows
ORnovelledirectoryMatch8.7.3sp7windows
ORnovelledirectoryMatch8.7.3sp8windows
ORnovelledirectoryMatch8.7.3sp9windows
ORnovelledirectoryMatch8.7.3.8
ORnovelledirectoryMatch8.7.3.9
ORnovelledirectoryMatch8.8
ORnovelledirectoryMatch8.8sp1
ORnovelledirectoryMatch8.8sp2
ORnovelledirectoryMatch8.8sp3
ORnovelledirectoryMatch8.8sp4
ORnovelledirectoryMatch8.8.1
ORnovelledirectoryMatch8.8.2
Related
openvas
openvas
Novell eDirectory NULL Base DN Denial Of Service Vulnerability
2009-11-09 00:00:00
nvd
nvd
CVE-2009-3862
2009-11-04 18:30:00
zdi
zdi
Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
2009-11-02 00:00:00
prion
prion
Design/Logic Flaw
2009-11-04 18:30:00
nessus
nessus
Novell eDirectory < 8.8.5 ftf1/8.7.3.10 ftf2 NULL Base DN DoS
2009-11-06 00:00:00
cvelist
cvelist
CVE-2009-3862
2009-11-04 18:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.6 Medium
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.1%
Related for CVE-2009-3862