CVE-2009-3862

CWE-287Improper Authentication3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.7%
top 28.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Edirectory
Timeline
PublishedNov 4
Latest updateMay 2

Description

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDnovell/edirectory6 versions+5

Patches

Patch: www.novell.comPatch: www.vupen.comPatch: www.zerodayinitiative.com

🔴Vulnerability Details

2
GHSA
GHSA-65rr-xh87-mv6j: The NDSD process in Novell eDirectory 82022-05-02
CVEList
CVE-2009-3862: The NDSD process in Novell eDirectory 82009-11-04
CVE-2009-3862 (MEDIUM CVSS 5) | The NDSD process in Novell eDirecto | cvebase.io