CVE-2008-0893

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=437320
http://www.redhat.com/support/errata/RHSA-2008-0201.html	Patch
http://secunia.com/advisories/29761	Vendor Advisory
http://www.securityfocus.com/bid/28802
http://www.securitytracker.com/id?1019857
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html
http://secunia.com/advisories/29826
https://exchange.xforce.ibmcloud.com/vulnerabilities/41843

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:directory_server:8.0:el4::::::
	cpe:2.3:a:redhat:directory_server:8.0:el5::::::

Information

Published : 2008-04-16 11:05

Updated : 2017-08-07 18:29

NVD link : CVE-2008-0893

Mitre link : CVE-2008-0893

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

redhat

directory_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html", "name": "RHSA-2008:0201", "tags": ["Patch"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/29761", "name": "29761", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/28802", "name": "28802", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1019857", "name": "1019857", "tags": [], "refsource": "SECTRACK"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html", "name": "FEDORA-2008-3214", "tags": [], "refsource": "FEDORA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html", "name": "FEDORA-2008-3220", "tags": [], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/29826", "name": "29826", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843", "name": "rhds-cgiscripts-security-bypass(41843)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-0893", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-04-16T18:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:29Z"}