This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


Detail
Vendor: Sun
Product: Java System Directory Server
Version: 6.0
Update: *
Edition: enterprise
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2007-06-14
Last view: 2009-12-28
 
CPE Product cpe:2.3:a:sun:java_system_directory_server


Related : CVE

Score Date Alert Description
4.3 2009-12-28 CVE-2009-4443

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.

5 2009-12-28 CVE-2009-4442

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665.

5 2009-12-28 CVE-2009-4441

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659.

6.8 2009-12-28 CVE-2009-4440

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.

5 2007-06-14 CVE-2007-3224

Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-362 Race Condition
50% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
61417 Sun Java System Directory Proxy Server SO_KEEPALIVE Connection Slot Exhaustio...
61375 Sun Java System Directory Proxy Server psearch Client Resource Exhaustion Rem...
61374 Sun Java System Directory Proxy Server New Client Connection Crafted Packet H...
61373 Sun Java System Directory Proxy Server Client Operation Remote Privilege Esca...
37247 Sun ONE/Java System Directory Server (slapd) Unspecified Remote Attribute Enu...

OpenVAS Exploits

id Description
2010-01-04 Name: Sun Java System DSEE Multiple Vulnerabilities (Win)
File: nvt/secpod_sun_java_dir_server_mult_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-B-0002 Multiple Remote Vulnerabilities in Sun Java System Directory Server
Severity: Category I - VMSKEY: V0022181

Nessus® Vulnerability Scanner

id Description
2009-12-30 Name: The remote directory service is affected by multiple vulnerabilities.
File: sun_directory_proxy_server_multiple.nasl - Type: ACT_GATHER_INFO
2007-07-12 Name: The remote LDAP server has multiple vulnerabilities.
File: sun_directory_server_multiple.nasl - Type: ACT_GATHER_INFO