← Back

CVE-2013-1897

nvd nist
Published: May 13, 2013Modified: Apr 29, 2026

JSON object

Loading...
2.6
Vector
AV:N/AC:H/Au:N/C:P/I:N/A:N
Exploitability: 4.9 / Impact: 2.9
Source: NVD

Description

The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.

Affected (52)

Fedoraproject
1 product
389 Directory Server
Configuration A
49 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
389 Directory Server
Version 1.2.10.11
389 Directory Server
Version 1.2.10.2
389 Directory Server
Version 1.2.10.3
389 Directory Server
Version 1.2.10.4
389 Directory Server
Version 1.2.10
389 Directory Server
Version 1.2.10 alpha8
389 Directory Server
Version 1.2.10 rc1
389 Directory Server
Version 1.2.11.10
389 Directory Server
Version 1.2.11.11
389 Directory Server
Version 1.2.11.12
389 Directory Server
Version 1.2.11.13
389 Directory Server
Version 1.2.11.14
389 Directory Server
Version 1.2.11.15
389 Directory Server
Version 1.2.11.17
389 Directory Server
Version 1.2.11.19
389 Directory Server
Version 1.2.11.1
389 Directory Server
Version 1.2.11.5
389 Directory Server
Version 1.2.11.6
389 Directory Server
Version 1.2.11.8
389 Directory Server
Version 1.2.11.9
389 Directory Server
Version 1.2.1
389 Directory Server
Version 1.2.2
389 Directory Server
Version 1.2.3
389 Directory Server
Version 1.2.5
389 Directory Server
Version 1.2.5 rc1
389 Directory Server
Version 1.2.5 rc2
389 Directory Server
Version 1.2.5 rc3
389 Directory Server
Version 1.2.5 rc4
389 Directory Server
Version 1.2.6.1
389 Directory Server
Version 1.2.6
389 Directory Server
Version 1.2.6 a2
389 Directory Server
Version 1.2.6 a3
389 Directory Server
Version 1.2.6 a4
389 Directory Server
Version 1.2.6 rc1
389 Directory Server
Version 1.2.6 rc2
389 Directory Server
Version 1.2.6 rc3
389 Directory Server
Version 1.2.6 rc6
389 Directory Server
Version 1.2.6 rc7
389 Directory Server
Version 1.2.7.5
389 Directory Server
Version 1.2.7 alpha3
389 Directory Server
Version 1.2.8.1
389 Directory Server
Version 1.2.8.2
389 Directory Server
Version 1.2.8.3
389 Directory Server
Version 1.2.8 alpha1
389 Directory Server
Version 1.2.8 alpha2
389 Directory Server
Version 1.2.8 alpha3
389 Directory Server
Version 1.2.8 rc1
389 Directory Server
Version 1.2.8 rc2
389 Directory Server
Version 1.2.9.9
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
389 Directory Server
Version 1.3.0.2
389 Directory Server
Version 1.3.0.3
389 Directory Server
Version 1.3.0.4

Related CWEs

CWE-264
CWE-264

References (12)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.