{
  "threat_severity" : "Important",
  "public_date" : "2015-03-05T00:00:00Z",
  "bugzilla" : {
    "description" : "389-ds-base: information disclosure through 'cn=changelog' subtree",
    "id" : "1167858",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1167858"
  },
  "cvss" : {
    "cvss_base_score" : "5.8",
    "cvss_scoring_vector" : "AV:A/AC:L/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-862->CWE-200",
  "details" : [ "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.", "An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords." ],
  "acknowledgement" : "This issue was discovered by Petr Špaček (Red Hat Identity Management Engineering Team).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0628",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "389-ds-base-0:1.2.11.15-50.el6_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0416",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "389-ds-base-0:1.3.3.1-13.el7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-8105\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8105" ],
  "name" : "CVE-2014-8105",
  "csaw" : false
}