CVE-2008-0893

{"id": "CVE-2008-0893", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-04-16T18:05:00.000", "references": [{"url": "http://secunia.com/advisories/29761", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/29826", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/28802", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1019857", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."}, {"lang": "es", "value": "Red Hat Administration Server, tal como se utiliza por Red Hat Directory Server 8.0 EL4 and EL5, no restringe el acceso correctamente a scripts CGI, lo cual permite a atacantes remotos llevar a cabo acciones administrativas."}], "lastModified": "2017-08-08T01:29:45.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26DC5453-A850-4BC8-A9B2-272F9993FD6C"}, {"criteria": "cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B06C0597-0694-4B0F-BD82-19E2C6B63095"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}