CVE-2011-4082
Published 2019-11-26
Priority: P3 · 36 · High · CVSS 3.1 base score 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.69% (74.2th percentile)
A local file inclusion flaw was found in the way phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service (recursive inclusions leading to resource exhaustion, per the Red Hat report below) via a specially crafted request.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | phpldapadmin | < phpldapadmin 0.9.8-1 (bookworm) | phpldapadmin 0.9.8-1 (bookworm) |
| phpldapadmin | phpldapadmin | — | — |
| phpldapadmin_project | phpldapadmin | < 0.9.8 | 0.9.8 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.8-1 | 0.9.8-1 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.8-1 | 0.9.8-1 |
| phpldapadmin_project | phpldapadmin | >= 0 < 0.9.8-1 | 0.9.8-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
Debian
CVE-2011-4082 [HIGH]: phpldapadmin - A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 p...
vendor_debian · 2011 · CVSS 7.5
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
Scope: local
bookworm: resolved (fixed in 0.9.8-1)
forky: resolved (fixed in 0.9.8-1)
sid: resolved (fixed in 0.9.8-1)
trixie: resolved (fixed in 0.9.8-1)
GHSA
GHSA-4857-c55p-2whx (CVE-2011-4082) [HIGH] CWE-400: A local file inclusion flaw was found in the way the phpLDAPadmin before 0
ghsa_unreviewed · 2022-04-22
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
OSV
CVE-2011-4082 [HIGH]: A local file inclusion flaw was found in the way the phpLDAPadmin before 0
osv · 2019-11-26 · CVSS 7.5
A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.
No detection rules found.
No public exploits indexed.
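Since the page indexes neither a detection rule nor an exploit, here is the check a practitioner would want for this bug class. It is an added example written for this page in Python, not phpLDAPadmin's own code (which is PHP) and not a rule from any vendor. The log layout, the IP addresses and every Accept-Language value in it are constructed; the odd values illustrate the local-file-inclusion class and are not the CVE's actual payload, which the page does not give. The block shows the fix pattern the advisory implies, mapping Accept-Language onto an allowlist of installed languages so the header can never select a file path, and reuses the same strict parser as a detection pass that flags requests whose Accept-Language is not a syntactically valid list of language ranges.

```python
import re
from typing import Iterable

# Accept-Language is a comma-separated list of language ranges (RFC 9110,
# RFC 4647), e.g. "en-US,en;q=0.8". A range is "*" or alphabetic subtags
# joined by "-"; the only parameter is a quality weight "q=0..1".
LANGUAGE_RANGE = re.compile(r"^(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)$")
QVALUE = re.compile(r"^q=(?:0(?:\.\d{0,3})?|1(?:\.0{0,3})?)$")


def parse_accept_language(header: str) -> list[tuple[str, float]]:
    """Parse a header into (range, q) pairs sorted by descending q.

    Raises ValueError for anything that is not a syntactically valid
    language range, so a value containing "/", "..", "%00" or other
    non-tag characters is rejected before any file-system code sees it.
    """
    prefs = []
    for part in header.split(","):
        part = part.strip()
        if not part:
            continue
        pieces = [p.strip() for p in part.split(";")]
        tag = pieces[0]
        if not LANGUAGE_RANGE.match(tag):
            raise ValueError(f"invalid language range: {tag!r}")
        q = 1.0
        for param in pieces[1:]:
            if not QVALUE.match(param):
                raise ValueError(f"invalid parameter: {param!r}")
            q = float(param[2:])
        prefs.append((tag.lower(), q))
    prefs.sort(key=lambda p: -p[1])  # stable: header order kept for equal q
    return prefs


def choose_language(header: str, available: Iterable[str], default: str = "en") -> str:
    """Map client preferences onto an allowlist of installed languages.

    Only a name from `available` (or `default`) is ever returned, so the
    value later used to build an include path is never attacker-controlled.
    """
    installed = {a.lower() for a in available}
    try:
        prefs = parse_accept_language(header)
    except ValueError:
        return default
    for tag, q in prefs:
        if q == 0:  # q=0 means "not acceptable"
            continue
        if tag in installed:
            return tag
        primary = tag.split("-")[0]  # "en-US" falls back to "en"
        if primary in installed:
            return primary
    return default


# Constructed access-log lines (not from any real server): combined log
# format with the request's Accept-Language value appended in quotes, as
# Apache's LogFormat "%{Accept-Language}i" would produce. The odd values
# are illustrative of the bug class, not the CVE's actual payload.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Oct/2011:10:00:01 +0000] "GET /phpldapadmin/ HTTP/1.1" 200 5120 "en-US,en;q=0.8"
10.0.0.6 - - [27/Oct/2011:10:00:02 +0000] "GET /phpldapadmin/ HTTP/1.1" 200 5120 "de"
10.0.0.7 - - [27/Oct/2011:10:00:03 +0000] "GET /phpldapadmin/ HTTP/1.1" 500 0 "../../../../etc/passwd"
10.0.0.8 - - [27/Oct/2011:10:00:04 +0000] "GET /phpldapadmin/ HTTP/1.1" 500 0 "en%00,en;q=0.9"
"""

LOG_LINE = re.compile(r'^(\S+) .*" (\d{3}) \d+ "([^"]*)"$')


def find_suspicious_accept_language(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, header) for each request whose Accept-Language
    does not parse as a list of language ranges."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, _status, header = m.groups()
        try:
            parse_accept_language(header)
        except ValueError:
            hits.append((ip, header))
    return hits


if __name__ == "__main__":
    for ip, header in find_suspicious_accept_language(SAMPLE_LOG):
        print(f"{ip}: rejected Accept-Language {header!r}")
    print("selected language:", choose_language("../../../../etc/passwd", ["en", "de"]))
```

Run stand-alone it reports the two constructed lines whose header is not a language-range list and shows the path-like header falling back to the default language. In a deployment the allowlist is the set of language files actually shipped, and the detection pass runs over the real access log with the header logged (the Apache `%{Accept-Language}i` LogFormat item is assumed here; other servers have an equivalent). The parser is deliberately strict rather than a denylist of "../" and friends, since the advisory gives only the symptom (recursive inclusion) and not the exact values that trigger it.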
Bugzilla
CVE-2011-4082 [HIGH] phpldapadmin: local file inclusion flaw fixed in 0.9.8 [epel-4]
bugzilla · 2011-10-27 · CVSS 7.5
epel-4 tracking bug for phpldapadmin: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
The bug was fixed upstream in 0.9.7.
EPEL4 has had 0.9.8.3 for at least several years.
Moreover, the first phpldapadmin version that appeared in Fedora at all was 0.9.7.
What is the reason for this bug ticket?
---
Sorry, surely fixed in 0.9.8
Anyway, 0.9.8.x should be in EPEL4 since 2006 ...
---
The report indicates it was fixed in 0.9.8.5, and we have 0.9.8.3 in EPEL4, so I don't believe it is fixed in EPEL4.
---
> The report indicates it was fixed in 0.9.8
Bugzilla
CVE-2011-4082 [HIGH] phpldapadmin: local file inclusion flaw fixed in 0.9.8
bugzilla · 2011-10-27 · CVSS 7.5
A local file inclusion flaw was found in the way the phpLDAPadmin, a web based LDAP client for managing LDAP servers, processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service (generate recursive inclusions leading to resource exhaustion) via specially-crafted request.
Note: A different issue than CVE-2011-4075 (due to the different attack vector and different source code file in question).
References:
http://www.securityfocus.com/bid/50328/info
http://www.securityfocus.com/data/vulnerabilities/exploits/50328.java
This was corrected in phpLDAPAdmin 0.9.8.5 and was assigned the name CVE-2011-4082.
Discussion:
Created phpldapadmin tracking bugs for
https://access.redhat.com/security/cve/cve-2011-4082
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4082
https://security-tracker.debian.org/tracker/CVE-2011-4082
Published 2019-11-26