CVE Vulnerabilities

CVE-2018-12469

NULL Pointer Dereference

Published: Oct 12, 2018 | Modified: Nov 07, 2023
CVSS 3.x: 7.5 HIGH (Source: NVD)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name                  Vendor      Start Version            End Version
Enterprise_developer  Microfocus  *                        2.3 (including)
Enterprise_developer  Microfocus  2.3-update1 (including)  2.3-update1 (including)
Enterprise_developer  Microfocus  2.3-update2 (including)  2.3-update2 (including)
Enterprise_developer  Microfocus  3.0 (including)          3.0 (including)
Enterprise_developer  Microfocus  4.0 (including)          4.0 (including)
Enterprise_developer  Microfocus  4.0-update1 (including)  4.0-update1 (including)
Enterprise_server     Microfocus  *                        2.3 (including)
Enterprise_server     Microfocus  2.3-update1 (including)  2.3-update1 (including)
Enterprise_server     Microfocus  2.3-update2 (including)  2.3-update2 (including)
Enterprise_server     Microfocus  3.0 (including)          3.0 (including)
Enterprise_server     Microfocus  4.0 (including)          4.0 (including)
Enterprise_server     Microfocus  4.0-update1 (including)  4.0-update1 (including)
