Fedoraproject: >> 389 Directory Server >> 1.2.11.21 Security Vulnerabilities
389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-03-10
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-08-21
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
CVSS Score
6.5
EPSS Score
0.007
Published
2014-03-18
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
CVSS Score
5.0
EPSS Score
0.008
Published
2013-09-10
389 Directory Server before 1.3.0.4 allows remote attackers to cause a denial of service (crash) via a zero length LDAP control sequence.
CVSS Score
5.0
EPSS Score
0.014
Published
2013-03-13
Page 2