CVE-2008-0892 — Improper Input Validation in Redhat Directory Server

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection5 documents5 sources

Severity

9.0CRITICALNVD

EPSS

3.0%

top 13.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Directory Server

Timeline

PublishedApr 16

Latest updateMay 1

Description

The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDredhat/directory_server7.1, 8+1

🔴Vulnerability Details

GHSA

GHSA-cg2c-3gw3-2vcg: The replication monitor CGI script (repl-monitor-cgi↗2022-05-01

▶

CVEList

CVE-2008-0892: The replication monitor CGI script (repl-monitor-cgi↗2008-04-16

▶

📋Vendor Advisories

Red Hat

Server: shell command injection in CGI replication monitor↗2008-04-15

▶

💬Community

Bugzilla

CVE-2008-0892 Director Server: shell command injection in CGI replication monitor↗2008-03-13

▶