CVE-2013-2219
First published: Fri Jun 28 2013(Updated: )
A flaw was found in how Red Hat Directory Server and the 389 Directory Server would handle access controls to certain attributes of an entry. A user with access to the Directory Server could use a series of searches to guess the values of other attributes that they should not be able to see. If a user had access (authenticated or anonymous, depending on whether or not the Directory Server allows anonymous access), they could use this to obtain information that should be restricted due to access controls.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedoraproject 389 Directory Server | ||
| Redhat Directory Server | <=8.2 | |
| Redhat Directory Server | =7.1 | |
| Redhat Directory Server | =8.0 | |
| Redhat Directory Server | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=979410
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=989683
- https://rhn.redhat.com/errata/RHSA-2013-1116.html
- https://rhn.redhat.com/errata/RHSA-2013-1119.html
- https://bugzilla.redhat.com/show_bug.cgi?id=979508
- http://rhn.redhat.com/errata/RHSA-2013-1116.html
- http://rhn.redhat.com/errata/RHSA-2013-1119.html
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2219
- agent/event
- vendor/fedoraproject
- canonical/fedoraproject 389 directory server
- vendor/redhat
- canonical/redhat directory server
- version/redhat directory server/8.2
- version/redhat directory server/7.1
- version/redhat directory server/8.0
- version/redhat directory server/8.1