Back to CVE Browser

CVE-2008-2928

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0160%

EPSS Percentile17.39th

PublishedAug 29, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

Affected Platforms (CPE)

📦

Redhat

Directory Server

= 7.1

📦

Redhat

Directory Server

= 7.1

📦

Redhat

Directory Server

= 7.1

📦

Redhat

Directory Server

= 7.1

📦

Redhat

Directory Server

= 7.1

📦

Redhat

Directory Server

= 7.1

References & Advisories

🔗 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861

🔗 http://secunia.com/advisories/31565

🔗 http://secunia.com/advisories/31702

🔗 http://secunia.com/advisories/31777

🔗 http://securitytracker.com/id?1020771

🔗 http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html

🔗 http://www.securityfocus.com/bid/30869

🔗 http://www.vupen.com/english/advisories/2008/2480

Related Vulnerabilities

CVE-1999-095010.0

Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create n...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-1999-008010.0

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin,...

CVE-2000-107610.0

Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, wh...