Detections
Analytics

Novell eDirectory < 8.8 SP5 Patch 3 eMBox SOAP Request DoS

medium Nessus Plugin ID 44938

Language:

Synopsis

The remote web server is affected by a denial of service vulnerability.

Description

The remote host is running eDirectory, a directory service software from Novell.

The eMBox service included with the installed version of eDirectory is affected by a denial of service vulnerability.

By sending a specially crafted HTTP SOAP request, it may be possible for a remote attacker to crash the remote service.

Solution

Upgrade to eDirectory 8.8 SP5 Patch 3 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-10-024/

https://www.securityfocus.com/archive/1/509814/30/0/threaded

https://bugzilla.novell.com/show_bug.cgi?id=548503

https://support.microfocus.com/kb/doc.php?id=3426981

Plugin Details

Severity: Medium

ID: 44938

File Name: edirectory_88sp5_patch3.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 3/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Ease: No known exploits are available

Patch Publication Date: 2/11/2010

Vulnerability Publication Date: 2/11/2010

Reference Information

CVE: CVE-2010-0666

BID: 38157

Secunia: 38491