PT-2008-2541 · Novell · Novell Edirectory

Nicob · Published 2008-04-14 · Updated 2018-10-31 · CVE-2008-0927

CVSS v2.0

5.0 Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Novell eDirectory versions 8.7.3 before sp10 and 8.8.2

Description

The issue allows remote attackers to cause a denial of service, specifically CPU consumption, via an HTTP request. This can be achieved by sending a request with either multiple Connection headers or a single Connection header that contains multiple comma-separated values.

Recommendations

For Novell eDirectory version 8.7.3, apply service pack 10 or later to resolve the issue. For Novell eDirectory version 8.8.2, consider restricting access to the dhost.exe component until a patch is available. As a temporary workaround, limit the handling of HTTP requests with multiple Connection headers or comma-separated values in the Connection header to minimize the risk of exploitation.
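
One way to express the temporary workaround as a check that a filtering proxy or log pipeline in front of the eDirectory HTTP service could run. This is an added example, not code from the advisory or from Novell; the function names and the sample requests are constructed for illustration.

```python
# Added example: flag the two Connection-header shapes named in the advisory.
# Function names are hypothetical; sample requests are constructed, not captured.

def connection_values(raw_request: bytes) -> list[str]:
    """Return the value of every Connection header in the request head."""
    text = raw_request.decode("latin-1").replace("\r\n", "\n")
    head = text.split("\n\n", 1)[0]          # ignore the body entirely
    values, in_connection = [], False
    for line in head.split("\n")[1:]:        # skip the request line
        if line[:1] in (" ", "\t"):          # obsolete folded continuation
            if in_connection:
                values[-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        in_connection = bool(sep) and name.strip().lower() == "connection"
        if in_connection:
            values.append(value.strip())
    return values

def connection_findings(raw_request: bytes) -> list[str]:
    """List which of the advisory's two patterns the request matches."""
    values = connection_values(raw_request)
    reasons = []
    if len(values) > 1:
        reasons.append("multiple Connection headers")
    if any("," in v for v in values):
        reasons.append("comma-separated Connection value")
    return reasons

# Constructed sample requests (example.test is a placeholder host).
SAMPLES = {
    "plain": b"GET / HTTP/1.1\r\nHost: example.test\r\nConnection: close\r\n\r\n",
    "repeated": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                b"Connection: close\r\nconnection: keep-alive\r\n\r\n",
    "comma": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
             b"Connection: keep-alive, close\r\n\r\n",
    "folded": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
              b"Connection: keep-alive,\r\n close\r\n\r\n",
    "body_only": b"POST / HTTP/1.1\r\nHost: example.test\r\n\r\n"
                 b"Connection: a, b\nConnection: c",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, connection_findings(request) or "ok")
```

Comma-separated Connection values are valid HTTP (for example `keep-alive, Upgrade`), so scope a rule like this to the eDirectory listener only and expect it to flag some legitimate clients.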


Related Identifiers

CVE-2008-0927

Affected Products

Novell Edirectory