A local file inclusion flaw was found in the way phpLDAPadmin, a web-based LDAP client for managing LDAP servers, processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service (generate recursive inclusions leading to resource exhaustion) via a specially-crafted request.

Note: A different issue than CVE-2011-4075 (due to the different attack vector and different source code file in question).

References:
http://www.securityfocus.com/bid/50328/info
http://www.securityfocus.com/data/vulnerabilities/exploits/50328.java

This was corrected in phpLDAPadmin 0.9.8.5 and was assigned the name CVE-2011-4082.
Created phpldapadmin tracking bugs for this issue
Affects: epel-4 [bug 749678]
This was actually fixed in 0.9.8 (only versions <= 0.9.7 are vulnerable). EPEL4 currently has 0.9.8.3, and the contents of common.php in 0.9.8.3 and 0.9.8.5 are identical, so EPEL4 is not vulnerable to this.