CVE-2008-2929

Published: Aug 29, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

Affected (9)

Products: Fedora: Directory Server · Redhat: Directory Server

1 product

Directory Server

1 product

Directory Server

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Fedora Directory Server	All versions
Redhat Directory Server	Version 7.1 sp1
Redhat Directory Server	Version 7.1 sp2
Redhat Directory Server	Version 7.1 sp3
Redhat Directory Server	Version 7.1 sp4
Redhat Directory Server	Version 7.1 sp5
Redhat Directory Server	Version 7.1 sp6
Redhat Directory Server	Version 8.0 el4
Redhat Directory Server	Version 8.0 el5

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (32)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861

Source: secalert@redhat.com

http://secunia.com/advisories/31565

Source: secalert@redhat.com

http://secunia.com/advisories/31612

Source: secalert@redhat.com

http://secunia.com/advisories/31702

Source: secalert@redhat.com

http://secunia.com/advisories/31777

Source: secalert@redhat.com

http://securitytracker.com/id?1020772

Source: secalert@redhat.com

http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html

Source: secalert@redhat.com

Patch

http://www.securityfocus.com/bid/30870

Source: secalert@redhat.com

Patch

http://www.vupen.com/english/advisories/2008/2480

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=454621

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/44737

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5877

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2008-0596.html

Source: secalert@redhat.com

https://rhn.redhat.com/errata/RHSA-2008-0601.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31565

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31612

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31702

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31777

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1020772

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/bid/30870

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.vupen.com/english/advisories/2008/2480

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=454621

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44737

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5877

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2008-0596.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://rhn.redhat.com/errata/RHSA-2008-0601.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.