Vulnerability-Lookup

CVE-2008-0893 (GCVE-0-2008-0893)

Vulnerability from cvelistv5 – Published: 2008-04-16 18:00 – Updated: 2024-08-07 08:01

Summary

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-84PH-43P3-259X

Vulnerability from github – Published: 2022-05-01 23:34 – Updated: 2022-05-01 23:34

Details

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0893"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-16T18:05:00Z",
    "severity": "HIGH"
  },
  "details": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.",
  "id": "GHSA-84ph-43p3-259x",
  "modified": "2022-05-01T23:34:17Z",
  "published": "2022-05-01T23:34:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0893"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29761"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29826"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28802"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019857"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0893

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

Aliases

CVE-2008-0893

Aliases

CVE-2008-0893

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0893",
    "description": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.",
    "id": "GSD-2008-0893",
    "references": [
      "https://access.redhat.com/errata/RHSA-2008:0201"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0893"
      ],
      "details": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.",
      "id": "GSD-2008-0893",
      "modified": "2023-12-13T01:22:58.436630Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-0893",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/29761",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29761"
          },
          {
            "name": "http://secunia.com/advisories/29826",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/29826"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2008-0201.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/28802",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/28802"
          },
          {
            "name": "http://www.securitytracker.com/id?1019857",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1019857"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=437320",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-0893"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=437320",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"
            },
            {
              "name": "RHSA-2008:0201",
              "refsource": "REDHAT",
              "tags": [
                "Patch"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"
            },
            {
              "name": "29761",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29761"
            },
            {
              "name": "28802",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28802"
            },
            {
              "name": "1019857",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019857"
            },
            {
              "name": "FEDORA-2008-3214",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"
            },
            {
              "name": "FEDORA-2008-3220",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"
            },
            {
              "name": "29826",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29826"
            },
            {
              "name": "rhds-cgiscripts-security-bypass(41843)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-04-16T18:05Z"
    }
  }
}

RHSA-2008:0201

Vulnerability from csaf_redhat - Published: 2008-04-15 21:10 - Updated: 2025-11-21 17:33

Summary

Red Hat Security Advisory: redhat-ds-admin security update

Notes

Topic

An updated redhat-ds-admin package that fixes security issues is now available for Red Hat Directory Server 8.0. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Details

Red Hat Administration Server is an HTTP agent that provides management features for Red Hat Directory Server, an LDAPv3 compliant server. A shell command injection flaw was discovered in the Red Hat Administration Server replication monitor CGI script used by Red Hat Directory Server 8.0. An attacker with access to the replication monitor web page could execute arbitrary shell commands with the privileges of the Administration Server. Please Note: by default, the Red Hat Administration Server is run as the unprivileged user, "nobody". (CVE-2008-0892) It was discovered that the Red Hat Administration Server did to properly restrict access to CGI scripts. An unauthenticated remote user with access to the TCP port used by the Administration Server could access information or perform certain tasks that should have been restricted to Directory Server administrative users. Please note: by default the Red Hat Administration Server uses port 9830, although this can be changed by the Red Hat Directory Server administrator. (CVE-2008-0893) In combination, these two flaws allowed an unauthenticated remote attacker able to access the Red Hat Administration Server TCP port to run arbitrary code as the user "nobody". All users of Red Hat Directory Server should upgrade to this updated package, which addresses these vulnerabilities.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated redhat-ds-admin package that fixes security issues is now\navailable for Red Hat Directory Server 8.0.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Administration Server is an HTTP agent that provides management\nfeatures for Red Hat Directory Server, an LDAPv3 compliant server.\n\nA shell command injection flaw was discovered in the Red Hat Administration\nServer replication monitor CGI script used by Red Hat Directory Server 8.0.\nAn attacker with access to the replication monitor web page could execute\narbitrary shell commands with the privileges of the Administration Server.\nPlease Note: by default, the Red Hat Administration Server is run as the\nunprivileged user, \"nobody\". (CVE-2008-0892)\n\nIt was discovered that the Red Hat Administration Server did to properly\nrestrict access to CGI scripts. An unauthenticated remote user with access\nto the TCP port used by the Administration Server could access information\nor perform certain tasks that should have been restricted to Directory\nServer administrative users. Please note: by default the Red Hat\nAdministration Server uses port 9830, although this can be changed by the\nRed Hat Directory Server administrator. (CVE-2008-0893)\n\nIn combination, these two flaws allowed an unauthenticated remote attacker\nable to access the Red Hat Administration Server TCP port to run arbitrary\ncode as the user \"nobody\".\n\nAll users of Red Hat Directory Server should upgrade to this updated\npackage, which addresses these vulnerabilities.\n",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:0201",
        "url": "https://access.redhat.com/errata/RHSA-2008:0201"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#critical",
        "url": "http://www.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "437301",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437301"
      },
      {
        "category": "external",
        "summary": "437320",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0201.json"
      }
    ],
    "title": "Red Hat Security Advisory: redhat-ds-admin security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:33:06+00:00",
      "generator": {
        "date": "2025-11-21T17:33:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2008:0201",
      "initial_release_date": "2008-04-15T21:10:00+00:00",
      "revision_history": [
        {
          "date": "2008-04-15T21:10:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-04-15T17:10:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:33:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Directory Server 8.0 (for AS v. 4)",
                "product": {
                  "name": "Red Hat Directory Server 8.0 (for AS v. 4)",
                  "product_id": "4AS-DirServ8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:directory_server:8::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Directory Server 8.0 (for ES v. 4)",
                "product": {
                  "name": "Red Hat Directory Server 8.0 (for ES v. 4)",
                  "product_id": "4ES-DirServ8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:directory_server:8::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Directory Server 8 (for RHEL 5 Server)",
                "product": {
                  "name": "Red Hat Directory Server 8 (for RHEL 5 Server)",
                  "product_id": "5Server-RHDirServ-8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:directory_server:8::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Directory Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
                "product": {
                  "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
                  "product_id": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin-debuginfo@8.0.0-6.el4dsrv?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
                "product": {
                  "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
                  "product_id": "redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin@8.0.0-6.el4dsrv?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
                "product": {
                  "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
                  "product_id": "redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin@8.0.0-6.el5dsrv?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64",
                "product": {
                  "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64",
                  "product_id": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin-debuginfo@8.0.0-6.el5dsrv?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
                "product": {
                  "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
                  "product_id": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin-debuginfo@8.0.0-6.el4dsrv?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
                "product": {
                  "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
                  "product_id": "redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin@8.0.0-6.el4dsrv?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
                "product": {
                  "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
                  "product_id": "redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin@8.0.0-6.el5dsrv?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
                "product": {
                  "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
                  "product_id": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin-debuginfo@8.0.0-6.el5dsrv?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
                "product": {
                  "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
                  "product_id": "redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin@8.0.0-6.el4dsrv?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
                "product": {
                  "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
                  "product_id": "redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/redhat-ds-admin@8.0.0-6.el5dsrv?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.i386 as a component of Red Hat Directory Server 8.0 (for AS v. 4)",
          "product_id": "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
        "relates_to_product_reference": "4AS-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.src as a component of Red Hat Directory Server 8.0 (for AS v. 4)",
          "product_id": "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
        "relates_to_product_reference": "4AS-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64 as a component of Red Hat Directory Server 8.0 (for AS v. 4)",
          "product_id": "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
        "relates_to_product_reference": "4AS-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386 as a component of Red Hat Directory Server 8.0 (for AS v. 4)",
          "product_id": "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386"
        },
        "product_reference": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
        "relates_to_product_reference": "4AS-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64 as a component of Red Hat Directory Server 8.0 (for AS v. 4)",
          "product_id": "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64"
        },
        "product_reference": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
        "relates_to_product_reference": "4AS-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.i386 as a component of Red Hat Directory Server 8.0 (for ES v. 4)",
          "product_id": "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
        "relates_to_product_reference": "4ES-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.src as a component of Red Hat Directory Server 8.0 (for ES v. 4)",
          "product_id": "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
        "relates_to_product_reference": "4ES-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64 as a component of Red Hat Directory Server 8.0 (for ES v. 4)",
          "product_id": "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
        "relates_to_product_reference": "4ES-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386 as a component of Red Hat Directory Server 8.0 (for ES v. 4)",
          "product_id": "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386"
        },
        "product_reference": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
        "relates_to_product_reference": "4ES-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64 as a component of Red Hat Directory Server 8.0 (for ES v. 4)",
          "product_id": "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64"
        },
        "product_reference": "redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
        "relates_to_product_reference": "4ES-DirServ8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.i386 as a component of Red Hat Directory Server 8 (for RHEL 5 Server)",
          "product_id": "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.i386"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
        "relates_to_product_reference": "5Server-RHDirServ-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.src as a component of Red Hat Directory Server 8 (for RHEL 5 Server)",
          "product_id": "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.src"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
        "relates_to_product_reference": "5Server-RHDirServ-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64 as a component of Red Hat Directory Server 8 (for RHEL 5 Server)",
          "product_id": "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64"
        },
        "product_reference": "redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
        "relates_to_product_reference": "5Server-RHDirServ-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386 as a component of Red Hat Directory Server 8 (for RHEL 5 Server)",
          "product_id": "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386"
        },
        "product_reference": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
        "relates_to_product_reference": "5Server-RHDirServ-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64 as a component of Red Hat Directory Server 8 (for RHEL 5 Server)",
          "product_id": "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64"
        },
        "product_reference": "redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64",
        "relates_to_product_reference": "5Server-RHDirServ-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-0892",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2008-03-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "437301"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Server: shell command injection in CGI replication monitor",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
          "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
          "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
          "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
          "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64"
        ],
        "known_not_affected": [
          "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
          "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
          "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
          "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
          "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
          "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
          "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
          "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
          "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
          "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0892"
        },
        {
          "category": "external",
          "summary": "RHBZ#437301",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437301"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0892",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0892"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0892",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0892"
        }
      ],
      "release_date": "2008-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-15T21:10:00+00:00",
          "details": "Users running Red Hat Directory Server on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188\n\nUsers running Red Hat Directory Server on Solaris:\n\nAn archive (in .tar.gz format) containing the updated Solaris packages in\n.pkg format is available in the Red Hat Directory Server 8.0 Solaris\nchannel on the Red Hat Network. This archive also contains a file with\nfurther instructions about how to install/upgrade the packages using\nSolaris native package management tools.",
          "product_ids": [
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0201"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Server: shell command injection in CGI replication monitor"
    },
    {
      "cve": "CVE-2008-0893",
      "discovery_date": "2008-03-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "437320"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Server: unrestricted access to CGI scripts",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
          "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
          "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
          "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
          "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64"
        ],
        "known_not_affected": [
          "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
          "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
          "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
          "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
          "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
          "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
          "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
          "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
          "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
          "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0893"
        },
        {
          "category": "external",
          "summary": "RHBZ#437320",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0893",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0893"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0893",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0893"
        }
      ],
      "release_date": "2008-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-04-15T21:10:00+00:00",
          "details": "Users running Red Hat Directory Server on Red Hat Enterprise Linux:\n\nBefore applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188\n\nUsers running Red Hat Directory Server on Solaris:\n\nAn archive (in .tar.gz format) containing the updated Solaris packages in\n.pkg format is available in the Red Hat Directory Server 8.0 Solaris\nchannel on the Red Hat Network. This archive also contains a file with\nfurther instructions about how to install/upgrade the packages using\nSolaris native package management tools.",
          "product_ids": [
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:0201"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4AS-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4AS-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.src",
            "4ES-DirServ8:redhat-ds-admin-0:8.0.0-6.el4dsrv.x86_64",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.i386",
            "4ES-DirServ8:redhat-ds-admin-debuginfo-0:8.0.0-6.el4dsrv.x86_64",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.src",
            "5Server-RHDirServ-8:redhat-ds-admin-0:8.0.0-6.el5dsrv.x86_64",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.i386",
            "5Server-RHDirServ-8:redhat-ds-admin-debuginfo-0:8.0.0-6.el5dsrv.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Server: unrestricted access to CGI scripts"
    }
  ]
}

FKIE_CVE-2008-0893

Vulnerability from fkie_nvd - Published: 2008-04-16 18:05 - Updated: 2025-04-09 00:30

Severity ?

Summary

Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions.

References

URL	Tags
secalert@redhat.com	http://secunia.com/advisories/29761	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/29826
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2008-0201.html	Patch
secalert@redhat.com	http://www.securityfocus.com/bid/28802
secalert@redhat.com	http://www.securitytracker.com/id?1019857
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=437320
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/41843
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29761	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29826
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0201.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28802
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019857
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=437320
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41843
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html

Impacted products

	Vendor	Product	Version
	redhat	directory_server	8.0
	redhat	directory_server	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*",
              "matchCriteriaId": "26DC5453-A850-4BC8-A9B2-272F9993FD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*",
              "matchCriteriaId": "B06C0597-0694-4B0F-BD82-19E2C6B63095",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."
    },
    {
      "lang": "es",
      "value": "Red Hat Administration Server, tal como se utiliza por Red Hat Directory Server 8.0 EL4 and EL5, no restringe el acceso correctamente a scripts CGI, lo cual permite a atacantes remotos llevar a cabo acciones administrativas."
    }
  ],
  "id": "CVE-2008-0893",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-04-16T18:05:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29761"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29826"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/28802"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1019857"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0893 (GCVE-0-2008-0893)

GHSA-84PH-43P3-259X

GSD-2008-0893

RHSA-2008:0201

FKIE_CVE-2008-0893

Tags

Sightings

Nomenclature