CVE-2008-0926

CVE Descriptions

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-287	Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	7.5		AV:N/AC:L/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	74.81%	–	–
2023-03-12	–	–	–	34.58%	–
2023-05-21	–	–	–	34.5%	–
2023-06-11	–	–	–	34.5%	–
2023-06-25	–	–	–	35.81%	–
2023-07-30	–	–	–	34.5%	–
2023-10-08	–	–	–	33.57%	–
2023-11-12	–	–	–	34.62%	–
2024-06-02	–	–	–	34.62%	–
2024-09-01	–	–	–	35.25%	–
2024-10-13	–	–	–	41.62%	–
2024-12-22	–	–	–	35.25%	–
2024-12-29	–	–	–	32.56%	–
2025-02-02	–	–	–	45.56%	–
2025-01-19	–	–	–	32.56%	–
2025-02-02	–	–	–	45.56%	–
2025-03-18	–	–	–	–	59.2%
2025-03-30	–	–	–	–	61.49%
2025-03-30	–	–	–	–	61.49,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	99%
2023-03-12	96%
2023-05-21	96%
2023-06-11	97%
2023-06-25	97%
2023-07-30	97%
2023-10-08	97%
2023-11-12	97%
2024-06-02	97%
2024-09-01	97%
2024-10-13	97%
2024-12-22	97%
2024-12-29	97%
2025-02-02	98%
2025-01-19	97%
2025-02-02	98%
2025-03-18	98%
2025-03-30	98%
2025-03-30	98%

Exploit information

Exploit Database EDB-ID : 31533

Publication date : 2008-03-24 23h00 +00:00
Author : Nicholas Gregorie
EDB Verified : Yes

source: https://www.securityfocus.com/bid/28441/info Novell eDirectory is prone to an unspecified vulnerability that can result in unauthorized file access or a denial of service. Unauthenticated attackers can exploit this issue. This issue affects eDirectory 8.8 (and earlier) as well as 8.7.3.9 (and earlier). java -cp eMBoxClient.jar embox -i login -s edir_ip_address -p port (port can be 8008, 8009, 80, 443, 8030)

Products Mentioned

Configuraton 0

Novell>>Edirectory >> Version To (including) 8.7.3.10

Novell>>Edirectory >> Version - (Open CPE detail)
Novell>>Edirectory >> Version 8.0 (Open CPE detail)
Novell>>Edirectory >> Version 8.5 (Open CPE detail)
Novell>>Edirectory >> Version 8.5.12a (Open CPE detail)
Novell>>Edirectory >> Version 8.5.27 (Open CPE detail)
Novell>>Edirectory >> Version 8.6.2 (Open CPE detail)
Novell>>Edirectory >> Version 8.7 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.1 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.1 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3.8 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3.10 (Open CPE detail)

Novell>>Edirectory >> Version 8.5

Novell>>Edirectory >> Version 8.5 (Open CPE detail)

Novell>>Edirectory >> Version 8.5.12a

Novell>>Edirectory >> Version 8.5.12a (Open CPE detail)

Novell>>Edirectory >> Version 8.5.27

Novell>>Edirectory >> Version 8.5.27 (Open CPE detail)

Novell>>Edirectory >> Version 8.6.2

Novell>>Edirectory >> Version 8.6.2 (Open CPE detail)

Novell>>Edirectory >> Version 8.7

Novell>>Edirectory >> Version 8.7 (Open CPE detail)

Novell>>Edirectory >> Version 8.7.1

Novell>>Edirectory >> Version 8.7.1 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.1 (Open CPE detail)

Novell>>Edirectory >> Version 8.7.1

Novell>>Edirectory >> Version 8.7.1 (Open CPE detail)

Novell>>Edirectory >> Version 8.7.3

Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)
Novell>>Edirectory >> Version 8.7.3 (Open CPE detail)

Novell>>Edirectory >> Version 8.7.3.8

Novell>>Edirectory >> Version 8.7.3.8 (Open CPE detail)

Novell>>Edirectory >> Version 8.7.3.8_presp9

Novell>>Edirectory >> Version 8.7.3.9

Novell>>Edirectory >> Version 8.8

Novell>>Edirectory >> Version 8.8 (Open CPE detail)
Novell>>Edirectory >> Version 8.8 (Open CPE detail)
Novell>>Edirectory >> Version 8.8 (Open CPE detail)
Novell>>Edirectory >> Version 8.8 (Open CPE detail)

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41426
Tags : vdb-entry, x_refsource_XF

https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html
Tags : x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/491621/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://www.securitytracker.com/id?1019691
Tags : vdb-entry, x_refsource_SECTRACK

http://www.securityfocus.com/bid/28441
Tags : vdb-entry, x_refsource_BID

http://secunia.com/advisories/29527
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/0988/references
Tags : vdb-entry, x_refsource_VUPEN

CVE-2008-0926 : Detail