CVE-2014-3562

Impact:
Important
Public Date:
2014-08-07
CWE:
CWE-862->CWE-201
Bugzilla:
1123477: CVE-2014-3562 389-ds: unauthenticated information disclosure
It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information.

Find out more about CVE-2014-3562 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 7.5
Base Metrics AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (389-ds-base) RHSA-2014:1031 2014-08-07
Red Hat Directory Server 8 (for RHEL 5 Server) (redhat-ds-base) RHSA-2014:1032 2014-08-07
Red Hat Enterprise Linux 6 (389-ds-base) RHSA-2014:1031 2014-08-07

Affected Packages State

Platform Package State
Red Hat Directory Server 8 Directory Server Affected

Acknowledgements

This issue was discovered by Ludwig Krispenz of Red Hat.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.