Denial of Service Vulnerability in iPlanet Directory Server by Sun Microsystems
CVE-2001-1306

Currently unrated

Key Information:

Vendor: Oracle
Status: Iplanet Directory Server
Vendor: CVE Published:; 16 July 2001

What is CVE-2001-1306?

The iPlanet Directory Server versions 4.1.4 and earlier are susceptible to a vulnerability that allows remote attackers to exploit an improperly handled invalid BER length in length fields. This exploitation could lead to a denial of service condition, causing the server to crash and potentially opening up avenues for arbitrary code execution, as validated by tests from the PROTOS LDAPv3 test suite. Organizations using these vulnerable versions should prioritize mitigation strategies to safeguard their LDAP implementations.

References

http://www.cert.org/advisories/CA-2001-18.html

third-party-advisoryx_refsource_CERT

ftp://patches.sgi.com/support/free/security/advisories/20...

vendor-advisoryx_refsource_SGI

http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/l...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 16, 2001

Oracle

What is CVE-2001-1306?

References

EPSS Score

Timeline