Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Fedora
  • Directory Server
Redhat
  • Directory Server

Configuration 1 [-]

OR cpe:2.3:a:fedora:directory_server:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp4:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp5:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp6:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Directory Server 7.1 for RHEL 3
redhat-ds-0:7.1SP7-14.RHEL3 cpe:/a:redhat:directory_server:7.1 RHSA-2008:0596 2008-08-27T00:00:00Z
Red Hat Directory Server 7.1 for RHEL 4
redhat-ds-0:7.1SP7-14.RHEL4 cpe:/a:redhat:directory_server:7.1 RHSA-2008:0596 2008-08-27T00:00:00Z
Red Hat Directory Server 8 for RHEL 5
adminutil-0:1.1.7-3.el5dsrv cpe:/a:redhat:directory_server:8::el5 RHSA-2008:0601 2008-08-27T00:00:00Z
References
Link Providers
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861 cve-icon cve-icon
http://secunia.com/advisories/31565 cve-icon cve-icon
http://secunia.com/advisories/31612 cve-icon cve-icon
http://secunia.com/advisories/31702 cve-icon cve-icon
http://secunia.com/advisories/31777 cve-icon cve-icon
http://securitytracker.com/id?1020772 cve-icon cve-icon
http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html cve-icon cve-icon
http://www.securityfocus.com/bid/30870 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/2480 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=454621 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/44737 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-2929 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5877 cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2008-0596.html cve-icon cve-icon
https://rhn.redhat.com/errata/RHSA-2008-0601.html cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-2929 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T09:21:34.992Z

Reserved: 2008-06-30T00:00:00

Link: CVE-2008-2929

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2008-08-29T18:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2929

cve-icon Redhat

Severity : Moderate

Publid Date: 2008-08-27T00:00:00Z

Links: CVE-2008-2929 - Bugzilla