{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2008-3220", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"}, {"name": "rhds-cgiscripts-security-bypass(41843)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"}, {"name": "1019857", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019857"}, {"name": "28802", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28802"}, {"name": "RHSA-2008:0201", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"}, {"name": "FEDORA-2008-3214", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"}, {"name": "29761", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29761"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"}, {"name": "29826", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29826"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:01:39.931Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2008-3220", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"}, {"name": "rhds-cgiscripts-security-bypass(41843)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"}, {"name": "1019857", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019857"}, {"name": "28802", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28802"}, {"name": "RHSA-2008:0201", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"}, {"name": "FEDORA-2008-3214", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"}, {"name": "29761", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29761"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"}, {"name": "29826", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29826"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-0893", "datePublished": "2008-04-16T18:00:00", "dateReserved": "2008-02-21T00:00:00", "dateUpdated": "2024-08-07T08:01:39.931Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*", "matchCriteriaId": "26DC5453-A850-4BC8-A9B2-272F9993FD6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*", "matchCriteriaId": "B06C0597-0694-4B0F-BD82-19E2C6B63095", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."}, {"lang": "es", "value": "Red Hat Administration Server, tal como se utiliza por Red Hat Directory Server 8.0 EL4 and EL5, no restringe el acceso correctamente a scripts CGI, lo cual permite a atacantes remotos llevar a cabo acciones administrativas."}], "id": "CVE-2008-0893", "lastModified": "2024-11-21T00:43:09.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-16T18:05:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29761"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29826"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/28802"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1019857"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0201.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019857"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00380.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00386.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0201", "cpe": "cpe:/a:redhat:directory_server:8::el5", "package": "redhat-ds-admin-0:8.0.0-6.el5dsrv", "product_name": "Red Hat Directory Server 8 for RHEL 5", "release_date": "2008-04-15T00:00:00Z"}], "bugzilla": {"description": "Server: unrestricted access to CGI scripts", "id": "437320", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=437320"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative actions."], "name": "CVE-2008-0893", "public_date": "2008-04-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-0893\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-0893"], "threat_severity": "Moderate"}