Summary
Novell eDirectory is prone to the following remote vulnerabilities:
1. A cross-site scripting vulnerability
2. A denial-of-service vulnerability
3. An information-disclosure vulnerability
4. A stack-based buffer-overflow vulnerability
Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, disclose sensitive information, execute arbitrary code, or cause a denial-of-service condition. Other attacks are possible.
Novell eDirectory versions prior to 8.8.7.2 and 8.8.6.7 are vulnerable.
Solution
An update is available. Please see the references for more information.
References
Severity
Classification
CVE: CVE-2012-0428, CVE-2012-0429, CVE-2012-0430, CVE-2012-0432
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Windows)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows