389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-2594.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-2765.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1347760 | Issue Tracking Vendor Advisory |
https://github.com/389ds/389-ds-base/commit/0b932d4b926d46ac5060f02617330dc444e06da1 |
Configurations
Configuration 1 (hide)
|
History
18 Sep 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Feb 2023, 04:50
Type | Values Removed | Values Added |
---|---|---|
Summary | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | |
References |
|
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not. |
Information
Published : 2017-06-08 19:29
Updated : 2023-12-10 12:15
NVD link : CVE-2016-4992
Mitre link : CVE-2016-4992
CVE.ORG link : CVE-2016-4992
JSON object : View
Products Affected
redhat
- enterprise_linux_hpc_node
- enterprise_linux_desktop
- enterprise_linux_workstation
- enterprise_linux_server
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor