Summary
Detail | | | |
---|---|---|---|
Vendor | Sun | First view | 2009-02-17 |
Product | Java System Directory Server | Last view | 2009-12-28 |
Version | 6.2 | Type | Application |
Update | enterprise | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:sun:java_system_directory_server |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
4.3 | 2009-12-28 | CVE-2009-4443 | Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. |
5 | 2009-12-28 | CVE-2009-4442 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. |
5 | 2009-12-28 | CVE-2009-4441 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. |
6.8 | 2009-12-28 | CVE-2009-4440 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. |
7.8 | 2009-02-17 | CVE-2009-0609 | Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (1) | CWE-362 | Race Condition |
33% (1) | CWE-20 | Improper Input Validation |
33% (1) | CWE-16 | Configuration |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
61417 | Sun Java System Directory Proxy Server SO_KEEPALIVE Connection Slot Exhaustio... |
61375 | Sun Java System Directory Proxy Server psearch Client Resource Exhaustion Rem... |
61374 | Sun Java System Directory Proxy Server New Client Connection Crafted Packet H... |
61373 | Sun Java System Directory Proxy Server Client Operation Remote Privilege Esca... |
52513 | Sun Java System Directory Proxy Server Crafted LDAP Request Remote DoS |
OpenVAS Exploits
Date | Description |
---|---|
2010-01-04 | Name : Sun Java System DSEE Multiple Vulnerabilities (Win) File : nvt/secpod_sun_java_dir_server_mult_vuln_win.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2010-B-0002 | Multiple Remote Vulnerabilities in Sun Java System Directory Server Severity: Category I - VMSKEY: V0022181 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-30 | Name: The remote directory service is affected by multiple vulnerabilities. File: sun_directory_proxy_server_multiple.nasl - Type: ACT_GATHER_INFO |
2009-02-13 | Name: The remote LDAP server is affected by a denial of service vulnerability. File: sun_directory_server_ldap_req_dos.nasl - Type: ACT_GATHER_INFO |
2007-10-12 | Name: The remote host is missing Sun Security Patch number 125276-10 File: solaris10_125276.nasl - Type: ACT_GATHER_INFO |