CVE-2015-1854

CWE-284 — Improper Access Control CWE-697 CWE-863 — Incorrect Authorization8 documents7 sources

Severity

7.5HIGH

EPSS

1.6%

top 18.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server Debian Debian Linux Fedoraproject Fedora

Timeline

PublishedSep 19

Latest updateMay 14

Description

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDfedoraproject/389_directory_server1.3.3.9

▶Debian389-ds-base< 1.3.3.10-1+2

Also affects: Debian Linux 8.0, Fedora 22

🔴Vulnerability Details

GHSA

GHSA-v685-gqm8-hvj7: 389 Directory Server before 1↗2022-05-14

▶

CVEList

CVE-2015-1854: 389 Directory Server before 1↗2017-09-19

▶

OSV

CVE-2015-1854: 389 Directory Server before 1↗2017-09-19

▶

📋Vendor Advisories

Red Hat

389-ds-base: access control bypass with modrdn↗2015-04-28

▶

Debian

CVE-2015-1854: 389-ds-base - 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access ...↗2015

▶

💬Community

Bugzilla

CVE-2015-1854 389-ds-base: access control bypass with modrdn [fedora-all]↗2015-04-28

▶

Bugzilla

CVE-2015-1854 389-ds-base: access control bypass with modrdn↗2015-04-07

▶