Vulnerability Details CVE-2001-1306
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.7%
CVSS Severity
CVSS v2 Score 7.5
References
- ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
- http://www.cert.org/advisories/CA-2001-18.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://www.kb.cert.org/vuls/id/276944
- http://www.kb.cert.org/vuls/id/JPLA-4WESMM
- ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
- http://www.cert.org/advisories/CA-2001-18.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://www.kb.cert.org/vuls/id/276944
- http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Products affected by CVE-2001-1306
-
cpe:2.3:a:sun:iplanet_directory_server:-