Описание
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8105
- https://access.redhat.com/errata/RHSA-2015:0416
- https://access.redhat.com/errata/RHSA-2015:0628
- https://access.redhat.com/security/cve/CVE-2014-8105
- https://bugzilla.redhat.com/show_bug.cgi?id=1167858
- http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-2-27.html
- http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-9.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153991.html
- http://rhn.redhat.com/errata/RHSA-2015-0416.html
- http://rhn.redhat.com/errata/RHSA-2015-0628.html
Связанные уязвимости
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does n ...
ELSA-2015-0628: 389-ds-base security, bug fix, and enhancement update (IMPORTANT)