CVE-2008-0926
Last modified
CVE-2008-0926 is a vulnerability of currently unknown severity. The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.. EPSS estimates a 58.18% chance of exploitation in the next 30 days.
Description
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Novell | Edirectory | <= 8.7.3.10 |
| Novell | Edirectory | 8.5 |
| Novell | Edirectory | 8.5.12a |
| Novell | Edirectory | 8.5.27 |
| Novell | Edirectory | 8.6.2 |
| Novell | Edirectory | 8.7 |
| Novell | Edirectory | 8.7.1 |
| Novell | Edirectory | 8.7.3 |
| Novell | Edirectory | 8.7.3.8 |
| Novell | Edirectory | 8.7.3.8_presp9 |
| Novell | Edirectory | 8.7.3.9 |
| Novell | Edirectory | 8.8 |
References
- http://secunia.com/advisories/29527Vendor Advisory
- http://www.vupen.com/english/advisories/2008/0988/referencesVendor Advisory
- http://secunia.com/advisories/29527Vendor Advisory
- http://www.vupen.com/english/advisories/2008/0988/referencesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-0926?
How severe is CVE-2008-0926?
How do I fix CVE-2008-0926?
Are you affected by CVE-2008-0926?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST