PT-2018-11200 · Micro Focus · Enterprise Developer+2

Published

2018-10-12

Updated

2019-10-09

CVE-2018-12469

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Micro Focus Enterprise Developer and Enterprise Server versions 2.3 Update 2 and earlier, 3.0 before Patch Update 12, 4.0 before Patch Update 2

Description The issue arises from the incorrect handling of an invalid value for an HTTP request parameter by the Directory Server, also known as the Enterprise Server Administration web UI. This leads to a null pointer dereference and results in a denial of service due to process termination.

Recommendations For versions 2.3 Update 2 and earlier, apply the necessary patches to update beyond these versions. For version 3.0, apply Patch Update 12 or later. For version 4.0, apply Patch Update 2 or later.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2018-12469

Affected Products

Directory Server

Enterprise Developer

Enterprise Server

PT-2018-11200 · Micro Focus · Enterprise Developer+2

CVE-2018-12469

Weakness Enumeration

Related Identifiers

Affected Products

References · 3