Information Disclosure Vulnerability in 389 Directory Server by Red Hat
CVE-2014-8105

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: 389 Directory Server
Vendor: CVE Published:; 10 March 2015

Summary

The 389 Directory Server is susceptible to an information disclosure vulnerability due to improper access restrictions on the 'cn=changelog' LDAP sub-tree. This flaw allows remote attackers to access sensitive information stored in the changelog using unspecified vectors, potentially compromising the integrity and confidentiality of the data within the server. Administrators of the affected versions should prioritize applying necessary patches to mitigate the risks associated with this vulnerability.

References

http://directory.fedoraproject.org/docs/389ds/releases/re...

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2015-0416.html

vendor-advisoryx_refsource_REDHAT

http://directory.fedoraproject.org/docs/389ds/releases/re...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 10, 2015
Vulnerability Reserved
Oct 10, 2014