CVE-2008-2929

Published Aug 29, 2008

Last updated 7 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fedora:directory_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "325FCDFC-22D9-447B-9B56-D65A09F780A5"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:7.1:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2060B92C-72E4-4FAF-9CB6-C6142F6DDE7F"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:7.1:sp2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A7C6A16-F928-4682-BCCA-D004FB4781B2"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:7.1:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "374634C4-D913-46B3-AB98-1E3573814E5D"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:7.1:sp4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B58F8C3A-C0F5-400A-823F-F92F71B385EA"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:7.1:sp5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F47246B-7393-4F61-88F5-2B8A2211C46F"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:7.1:sp6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "325755C1-03E1-4947-A5A0-9FEBB0DC4E89"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26DC5453-A850-4BC8-A9B2-272F9993FD6C"
          },
          {
            "criteria": "cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B06C0597-0694-4B0F-BD82-19E2C6B63095"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References