Novell eDirectory is prone to following multiple remote vulnerabilities: 1. A cross-site scripting vulnerability 2. A denial-of-service vulnerability 3. An information-disclosure vulnerability 4. A stack-based buffer-overflow vulnerability Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose sensitive information, execute arbitrary code, cause a denial-of- service condition. Other attacks are possible. Novell eDirectory versions prior to 8.8.7.2 and 8.8.6.7 are vulnerable.

An update is available. Please see the references for more information.

• http://www.novell.com/
• http://www.novell.com/products/edirectory/
• http://www.securityfocus.com/bid/57038

---

Updated on 2015-03-25