First published: Fri Mar 28 2008(Updated: )
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Novell Edirectory | =8.7.3.9 | |
Novell Edirectory | =8.6.2 | |
Novell Edirectory | =8.5.27 | |
Novell Edirectory | =8.7 | |
Novell Edirectory | =8.8 | |
Novell Edirectory | =8.7.3 | |
Novell Edirectory | =8.5.12a | |
Novell Edirectory | =8.5 | |
Novell Edirectory | =8.7.3.8_presp9 | |
Novell Edirectory | =8.7.1 | |
Novell Edirectory | =8.7.1-sp1 | |
Novell Edirectory | =8.7.3.8 | |
Novell Edirectory | <=8.7.3.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.