NULL Pointer Dereference

CVE-2018-12469

High

7.5/10

Summary

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

Advisory Timeline

Published Oct 12, 2018

NULL Pointer Dereference

CVE-2018-12469

Summary

CWE-476 - NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS