Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2930Directory Server vulnerability

CWE-3996 documents6 sources
Severity
7.1HIGHNVD
EPSS
15.2%
top 5.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Fedora Directory ServerRedhat Directory Server
Timeline
PublishedAug 29
Latest updateMay 1

Description

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDredhat/directory_server7.1, 8.0+1

Patches

Patch: www.redhat.comPatch: www.securityfocus.comPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-622c-3525-jxfp: Red Hat Directory Server 72022-05-01
CVEList
CVE-2008-2930: Red Hat Directory Server 72008-08-29

💥Exploits & PoCs

1
Exploit-DB
RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service2008-08-27

📋Vendor Advisories

1
Red Hat
Server: temporary DoS via crafted pattern searches2008-08-27

💬Community

1
Bugzilla
CVE-2008-2930 Directory Server: temporary DoS via crafted pattern searches2008-07-04