NVD

Id
38033  
Name
CVE-2013-1897  
Description
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-18  
Published
2013-05-13  
Modified Date
2013-05-14  
Seq
2013-1897  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
194285 38033 CVE-2013-1897 FEDORA-2013-4578  View
194286 38033 CVE-2013-1897 RHSA-2013:0742  View
194287 38033 CVE-2013-1897 https://bugzilla.redhat.com/show_bug.cgi?id=928105  View
194288 38033 CVE-2013-1897 https://fedorahosted.org/389/ticket/47308  View
194289 38033 CVE-2013-1897 https://fedorahosted.org/freeipa/ticket/3540  View
194290 38033 CVE-2013-1897 https://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
21067 JVNDB-2013-002642 389 Directory Server の ldap/servers/slapd/search.c における重要な情報を取得される脆弱性 389 Directory Server の ldap/servers/slapd/search.c の do_search 関数は、nsslapd-allow-anonymous-access の設定が RootDSE に設定されている、および BASE 検索範囲が使用されている場合、エントリへのアクセスを適切に制限しないため、重要な情報を取得される脆弱性が存在します。 CVE-2013-1897 61839 CVE-2013-1897 38033 2.6 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-002642.html 2013-03-28 2013-05-15 View