CVE-2008-0893

Current Description

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

Basic Data

Published: April 16, 2008
Last Modified: August 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Directory Server | 8.0 | el4 | * | * | * | * | * | * | | | |
    2.3 | Application | Redhat | Directory Server | 8.0 | el5 | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Redhat | Directory Server | 8.0

References

Name | Source | URL | Tags
29761 | SECUNIA | http://secunia.com/advisories/29761 | Vendor Advisory
29826 | SECUNIA | http://secunia.com/advisories/29826 |
RHSA-2008:0201 | REDHAT | http://www.redhat.com/support/errata/RHSA-2008-0201.html | Patch
28802 | BID | http://www.securityfocus.com/bid/28802 |
1019857 | SECTRACK | http://www.securitytracker.com/id?1019857 |
https://bugzilla.redhat.com/show_bug.cgi?id=437320 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=437320 |
rhds-cgiscripts-security-bypass(41843) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/41843 |
FEDORA-2008-3214 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html |
FEDORA-2008-3220 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html |