Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3883

Опубликовано: 17 апр. 2019
Источник: nvd
CVSS3: 5.3
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Версия до 1.4.1.2 (включая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 58%
0.00362
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-772
CWE-772

Связанные уязвимости

ubuntu логотип

CVE-2019-3883

CVSS3: 7.5
ubuntu
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

redhat логотип

CVE-2019-3883

CVSS3: 5.3
redhat
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

debian логотип

CVE-2019-3883

CVSS3: 7.5
debian
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...

github логотип

GHSA-c65q-p9xj-798w

CVSS3: 7.5
github
больше 3 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

oracle-oval логотип

ELSA-2019-1896

oracle-oval
больше 6 лет назад

ELSA-2019-1896: 389-ds-base security and bug fix update (MODERATE)

EPSS

Процентиль: 58%
0.00362
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-772
CWE-772