CVE-2013-4485

2013-11-2311:55:04

CWE-20

redhat

web.nvd.nist.gov

cve-2013-4485

389 directory server

red hat directory server

denial of service

crash

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

Confidence

Low

EPSS

0.002

Percentile

64.8%

JSON

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

Affected configurations

Nvd

Node

redhatenterprise_linuxMatch6.0

Node

fedoraproject389_directory_serverMatch1.2.11.15

redhatdirectory_serverRange≤8.2

redhatdirectory_serverMatch7.1

redhatdirectory_serverMatch8.0

redhatdirectory_serverMatch8.1

VendorProductVersionCPE
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
fedoraproject389_directory_server1.2.11.15cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:*:*:*:*:*:*:*
redhatdirectory_server*cpe:2.3:a:redhat:directory_server:*:*:*:*:*:*:*:*
redhatdirectory_server7.1cpe:2.3:a:redhat:directory_server:7.1:*:*:*:*:*:*:*
redhatdirectory_server8.0cpe:2.3:a:redhat:directory_server:8.0:*:*:*:*:*:*:*
redhatdirectory_server8.1cpe:2.3:a:redhat:directory_server:8.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
fedoraproject	389_directory_server	1.2.11.15	cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.15:::::::*
redhat	directory_server	*	cpe:2.3:a:redhat:directory_server::::::::
redhat	directory_server	7.1	cpe:2.3:a:redhat:directory_server:7.1:::::::*
redhat	directory_server	8.0	cpe:2.3:a:redhat:directory_server:8.0:::::::*
redhat	directory_server	8.1	cpe:2.3:a:redhat:directory_server:8.1:::::::*