Directory Traversal Vulnerability in Red Hat Directory Server and 389 Directory Server
CVE-2014-3562

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: 389 Directory Server; Enterprise Linux; Directory Server
Vendor: CVE Published:; 21 August 2014

🔔 Create Fedoraproject Vulnerability Alert

What is CVE-2014-3562?

A vulnerability in Red Hat Directory Server 8 and 389 Directory Server exists, which, when debugging is enabled, permits remote attackers to retrieve sensitive replicated metadata. This situation arises due to improper access controls that allow unauthorized searches of the directory, potentially compromising the integrity of sensitive data. It is critical for organizations using these servers to take necessary precautions to ensure that debugging is not enabled in production environments.

References

http://rhn.redhat.com/errata/RHSA-2014-1031.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=1123477

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2014-1032.html

vendor-advisoryx_refsource_REDHAT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 21, 2014
Vulnerability Reserved
May 14, 2014