CVE-2008-0893
First published: Thu Mar 13 2008(Updated: )
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat directory server | =8.0-el5 | |
| redhat directory server | =8.0-el4 | |
| Red Hat Directory Server | =8.0-el4 | |
| Red Hat Directory Server | =8.0-el5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=437320
- http://www.redhat.com/support/errata/RHSA-2008-0201.html
- http://secunia.com/advisories/29761
- http://www.securityfocus.com/bid/28802
- http://www.securitytracker.com/id?1019857
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html
- http://secunia.com/advisories/29826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41843
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=302493
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=302493&action=edit
- https://rhn.redhat.com/errata/RHSA-2008-0201.html
Frequently Asked Questions
What is the severity of CVE-2008-0893?
CVE-2008-0893 has a medium severity rating, indicating it poses a notable risk to affected systems.
How do I fix CVE-2008-0893?
To fix CVE-2008-0893, apply the security updates provided by Red Hat for Directory Server version 8.0 EL4 and EL5.
What are the potential impacts of CVE-2008-0893?
CVE-2008-0893 allows remote attackers to perform unauthorized administrative actions on the Red Hat Administration Server.
Which versions are affected by CVE-2008-0893?
CVE-2008-0893 affects Red Hat Directory Server 8.0 EL4 and EL5.
Who discovered the vulnerability CVE-2008-0893?
CVE-2008-0893 was discovered by Richard Megginson.
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-0893
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/redhat
- canonical/redhat directory server
- version/redhat directory server/8.0-el5
- version/redhat directory server/8.0-el4
- canonical/red hat directory server
- version/red hat directory server/8.0-el4
- version/red hat directory server/8.0-el5