Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2009-02-17 |
| Product | Java System Directory Server | Last view | 2009-12-28 |
| Version | 6.2 | Type | Application |
| Update | enterprise | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:sun:java_system_directory_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.3 | 2009-12-28 | CVE-2009-4443 | Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. |
| 5 | 2009-12-28 | CVE-2009-4442 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. |
| 5 | 2009-12-28 | CVE-2009-4441 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. |
| 6.8 | 2009-12-28 | CVE-2009-4440 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. |
| 7.8 | 2009-02-17 | CVE-2009-0609 | Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-362 | Race Condition |
| 33% (1) | CWE-20 | Improper Input Validation |
| 33% (1) | CWE-16 | Configuration |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 61417 | Sun Java System Directory Proxy Server SO_KEEPALIVE Connection Slot Exhaustio... |
| 61375 | Sun Java System Directory Proxy Server psearch Client Resource Exhaustion Rem... |
| 61374 | Sun Java System Directory Proxy Server New Client Connection Crafted Packet H... |
| 61373 | Sun Java System Directory Proxy Server Client Operation Remote Privilege Esca... |
| 52513 | Sun Java System Directory Proxy Server Crafted LDAP Request Remote DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-01-04 | Name : Sun Java System DSEE Multiple Vulnerabilities (Win) File : nvt/secpod_sun_java_dir_server_mult_vuln_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2010-B-0002 | Multiple Remote Vulnerabilities in Sun Java System Directory Server Severity: Category I - VMSKEY: V0022181 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-12-30 | Name: The remote directory service is affected by multiple vulnerabilities. File: sun_directory_proxy_server_multiple.nasl - Type: ACT_GATHER_INFO |
| 2009-02-13 | Name: The remote LDAP server is affected by a denial of service vulnerability. File: sun_directory_server_ldap_req_dos.nasl - Type: ACT_GATHER_INFO |
| 2007-10-12 | Name: The remote host is missing Sun Security Patch number 125276-10 File: solaris10_125276.nasl - Type: ACT_GATHER_INFO |
