Information disclosure in Fedoraproject 389_directory_server

CVE-2014-3562

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

Vulnerability class: Information Disclosure

EPSS: 0.003 (54.2th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server — versions 1.2.1, 1.2.2, 1.2.3
Redhat Directory_server — versions 8.0
Redhat Enterprise_linux — versions 6.0, 7.0
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

RHSA-2014:1031 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2014:1032 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)