CVE-2018-12469
Last modified
CVE-2018-12469 is a vulnerability of currently unknown severity. Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.. EPSS estimates a 1.05% chance of exploitation in the next 30 days.
Description
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microfocus | Enterprise Developer | <= 2.3 | — |
| Microfocus | Enterprise Developer | 2.3 | Update1 |
| Microfocus | Enterprise Developer | 3.0 | — |
| Microfocus | Enterprise Developer | 4.0 | — |
| Microfocus | Enterprise Server | <= 2.3 | — |
| Microfocus | Enterprise Server | 2.3 | Update1 |
| Microfocus | Enterprise Server | 3.0 | — |
| Microfocus | Enterprise Server | 4.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-12469?
How severe is CVE-2018-12469?
How do I fix CVE-2018-12469?
Are you affected by CVE-2018-12469?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST