Inadequate Access Restriction in Red Hat Directory Server and 389 Directory Server Allows Information Disclosure

Inadequate Access Restriction in Red Hat Directory Server and 389 Directory Server Allows Information Disclosure

CVE-2013-2219 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.

Learn more about our Cis Benchmark Audit For Server Software.