CVE-2008-2929

Name of the Vulnerable Software and Affected Versions Red Hat Directory Server versions 7.1 before SP7 Red Hat Directory Server 8 EL4 and EL5 Fedora Directory Server (affected versions not specified)

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the adminutil library used by the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via input values that utilize % (percent) escaping.

Recommendations For Red Hat Directory Server versions 7.1 before SP7, update to SP7 or later to resolve the issue. For Red Hat Directory Server 8 EL4 and EL5, apply the appropriate patch or update to a version that includes the fix for this issue. For Fedora Directory Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.