Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2930 — Directory Server vulnerability

CWE-3996 documents6 sources

Severity

7.1HIGHNVD

EPSS

15.2%

top 5.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Fedora Directory Server Redhat Directory Server

Timeline

PublishedAug 29

Latest updateMay 1

Description

Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

▶NVDfedora/directory_server1.1.1

▶NVDredhat/directory_server7.1, 8.0+1

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-622c-3525-jxfp: Red Hat Directory Server 7↗2022-05-01

▶

CVEList

CVE-2008-2930: Red Hat Directory Server 7↗2008-08-29

▶

💥Exploits & PoCs

Exploit-DB

RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service↗2008-08-27

▶

📋Vendor Advisories

Red Hat

Server: temporary DoS via crafted pattern searches↗2008-08-27

▶

💬Community

Bugzilla

CVE-2008-2930 Directory Server: temporary DoS via crafted pattern searches↗2008-07-04

▶