CVE-2008-0893

Published: Apr 16, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

Affected (2)

Products: Redhat: Directory Server

Redhat

1 product

Directory Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Directory Server	Version 8.0 el4
Redhat Directory Server	Version 8.0 el5

Related CWEs

CWE-264

References (18)

http://secunia.com/advisories/29761

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/29826

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0201.html

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/bid/28802

Source: secalert@redhat.com

http://www.securitytracker.com/id?1019857

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=437320

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/41843

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html

Source: secalert@redhat.com

http://secunia.com/advisories/29761