High severity7.5NVD Advisory· Published Sep 19, 2017· Updated May 13, 2026

CVE-2015-1854

Description

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.

Affected products

Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Fedoraproject/389 Directory Server
cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*
Range: <=1.3.3.9
Fedoraproject/Fedora
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.htmlnvdMailing ListThird Party Advisory
www.securityfocus.com/bid/74392nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2015:0895nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
lists.debian.org/debian-lts-announce/2018/07/msg00018.htmlnvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000