CVE-2014-3562

CWE-200 — Information Exposure CWE-862 — Missing Authorization CWE-2019 documents7 sources

Severity

5.0MEDIUM

EPSS

0.3%

top 46.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server Redhat Directory Server Redhat Enterprise Linux

Timeline

PublishedAug 21

Latest updateMay 14

Description

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDredhat/directory_server8.0

▶NVDfedoraproject/389_directory_server44 versions+43

▶Debian389-ds-base< 1.3.2.21-1+2

Also affects: Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-6vvf-j83f-44mh: Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by sea↗2022-05-14

▶

OSV

CVE-2014-3562: Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by sea↗2014-08-21

▶

CVEList

CVE-2014-3562: Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by sea↗2014-08-21

▶

📋Vendor Advisories

Red Hat

389-ds: unauthenticated information disclosure↗2014-08-07

▶

Debian

CVE-2014-3562: 389-ds-base - Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, ...↗2014

▶

💬Community

Bugzilla

CVE-2014-3562 389-ds-base: 389-ds: unauthenticated information disclosure [fedora-all]↗2014-08-07

▶

Bugzilla

CVE-2014-3562 389-ds-base: 389-ds: unauthenticated information disclosure [epel-5]↗2014-08-07

▶

Bugzilla

CVE-2014-3562 389-ds: unauthenticated information disclosure↗2014-07-25

▶