Denial of Service Vulnerability in IBM SecureWay LDAP Services
CVE-2001-1310

Currently unrated

Key Information:

Vendor: IBM
Status: Secureway Directory
Vendor: CVE Published:; 16 July 2001

Summary

IBM SecureWay version 3.2.1 is susceptible to a denial of service attack due to flaws in handling invalid encodings in the L field of BER encoding. This vulnerability can be exploited by remote attackers to crash the service and may enable arbitrary code execution. The vulnerability has been demonstrated using the PROTOS LDAPv3 test suite, highlighting significant risks associated with improper input validation in the LDAP protocol.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/6894

vdb-entryx_refsource_XF

http://www.cert.org/advisories/CA-2001-18.html

third-party-advisoryx_refsource_CERT

http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 16, 2001