CVE-2001-1306

Currently unrated

Key Information:

Vendor: Oracle
Status: Iplanet Directory Server
Vendor: CVE Published:; 16 July 2001

Summary

iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.

References

http://www.cert.org/advisories/CA-2001-18.html

third-party-advisoryx_refsource_CERT

ftp://patches.sgi.com/support/free/security/advisories/20...

vendor-advisoryx_refsource_SGI

http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/l...

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 16, 2001