Improper input validation in Fedoraproject 389_directory_server

CVE-2013-4485

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.004 (58.7th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.2.11.15
Redhat Directory_server — versions 7.1, 8.0, 8.1
Redhat Enterprise_linux — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

RHSA-2013:1752 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
55765 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2013:1753 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)