This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun
Product Java System Directory Server
Version
Type Application
First view 2005-10-20
Last view 2010-02-25
Update  
Edition  
Language  
Software Edition  
Target Software  
Target Hardware  
Other  

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:sun:java_system_directory_server:5.2:*:*:*:*:*:*:* 11
cpe:2.3:a:sun:java_system_directory_server:5.2:2005q1:*:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_directory_server:6.0:*:enterprise:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_directory_server:5.2:2003q4:*:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_directory_server:5.2:2004q2:*:*:*:*:*:* 5
cpe:2.3:a:sun:java_system_directory_server:5.2:2005q4:*:*:*:*:*:* 4
cpe:2.3:a:sun:java_system_directory_server:6.3.1:enterprise:*:*:*:*:*:* 3
cpe:2.3:a:sun:java_system_directory_server:6.0:*:*:*:*:*:*:* 2
cpe:2.3:a:sun:java_system_directory_server:5.0:-:enterprise:*:*:*:*:* 2
cpe:2.3:a:sun:java_system_directory_server:7.0:-:enterprise:*:*:*:*:* 2
cpe:2.3:a:sun:java_system_directory_server:6.2:*:*:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_directory_server:6.1:*:*:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_directory_server:6.0:enterprise:*:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_directory_server:6.3.1:-:enterprise:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_directory_server:6.0:-:enterprise:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_directory_server:6.3:-:enterprise:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_directory_server:6.2:-:enterprise:*:*:*:*:* 1
cpe:2.3:a:sun:java_system_directory_server:6.1:-:enterprise:*:*:*:*:* 1

Related : CVE

  Date Alert Description
5 2010-02-25 CVE-2010-0708

Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of service (daemon crash) via a crafted LDAP search request.

5 2010-01-14 CVE-2010-0313

The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message.

4.3 2009-12-28 CVE-2009-4443

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.

5 2009-12-28 CVE-2009-4442

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665.

5 2009-12-28 CVE-2009-4441

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659.

6.8 2009-12-28 CVE-2009-4440

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.

5 2009-04-17 CVE-2009-1332

The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.

7.8 2009-02-17 CVE-2009-0609

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.

7.8 2009-02-13 CVE-2009-0576

Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.

7.5 2008-04-28 CVE-2008-1995

Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.

6.4 2007-06-14 CVE-2007-3225

Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors.

5 2007-06-14 CVE-2007-3224

Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.

7.8 2007-05-02 CVE-2007-2466

Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.

7.8 2007-03-26 CVE-2006-4175

The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.

7.8 2006-06-21 CVE-2006-3127

Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.

7.5 2006-05-22 CVE-2006-2513

Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.

5 2006-02-13 CVE-2006-0647

LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.

7.5 2005-10-20 CVE-2005-3269

Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.

CWE : Common Weakness Enumeration

% id Name
16% (1) CWE-399 Resource Management Errors
16% (1) CWE-362 Race Condition
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (1) CWE-20 Improper Input Validation
16% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
62745 Sun Directory Server slapd.exe Multiple Unspecified LDAP Search DoS
62744 Sun Directory Server ns-slapd Multiple Unspecified LDAP Search DoS
61713 Sun Java System Directory Server ns-slapd core_get_proxyauth_dn Function LDAP...
61417 Sun Java System Directory Proxy Server SO_KEEPALIVE Connection Slot Exhaustio...
61375 Sun Java System Directory Proxy Server psearch Client Resource Exhaustion Rem...
61374 Sun Java System Directory Proxy Server New Client Connection Crafted Packet H...
61373 Sun Java System Directory Proxy Server Client Operation Remote Privilege Esca...
53800 Sun Java System Directory Server Online Help Feature Information Disclosure (...
52513 Sun Java System Directory Proxy Server Crafted LDAP Request Remote DoS
51955 Sun Java System Directory Server Crafted LDAP Request Handling DoS
44624 Sun Java System Directory Server bind-dn Remote Privilege Escalation
37247 Sun ONE/Java System Directory Server (slapd) Unspecified Remote Attribute Enu...
37246 Sun Java System Directory Server (slapd) Unspecified Remote Data Manipulation
35743 Sun Java System Directory Server LDAP Software Development Kit (SDK) BER Enco...
33524 Sun Java System Directory Server ns-slapd Remote DoS
27621 Network Security Services (NSS) RSA Cryptographic Operation Saturation DoS
25575 Sun Java System Directory Server Console Authentication Bypass
22996 Sun Java System Directory Server LDAP Malformed Packet DoS
19881 Sun Java System Directory Server Unspecified HTTP Admin Interface Issue

OpenVAS Exploits

id Description
2010-02-26 Name : Sun Java System Directory Server LDAP Search Request Denial of Service Vulner...
File : nvt/sun_dir_server_37899.nasl
2010-01-12 Name : Sun Java System Directory Server 'core_get_proxyauth_dn' Denial of Service Vu...
File : nvt/sun_dir_server_37699.nasl
2010-01-04 Name : Sun Java System DSEE Multiple Vulnerabilities (Win)
File : nvt/secpod_sun_java_dir_server_mult_vuln_win.nasl
2009-04-30 Name : Sun Java Directory Server Information Disclosure Vulnerability (Linux)
File : nvt/secpod_sun_java_dir_server_info_disc_vuln_lin.nasl
2009-04-30 Name : Sun Java Directory Server Information Disclosure Vulnerability (Win)
File : nvt/secpod_sun_java_dir_server_info_disc_vuln_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2010-B-0002 Multiple Remote Vulnerabilities in Sun Java System Directory Server
Severity: Category I - VMSKEY: V0022181

Snort® IPS/IDS

Date Description
2014-01-10 Sun Directory Server LDAP denial of service attempt
RuleID : 18101 - Type : SERVER-OTHER - Revision : 4
2014-01-10 Sun Directory Server LDAP denial of service attempt
RuleID : 17456 - Type : WEB-MISC - Revision : 5
2014-01-10 Sun Directory Server LDAP denial of service attempt
RuleID : 17455 - Type : WEB-MISC - Revision : 5
2014-01-10 Sun Directory Server LDAP denial of service attempt
RuleID : 17454 - Type : WEB-MISC - Revision : 5
2014-01-10 Sun Directory Server LDAP denial of service attempt
RuleID : 17453 - Type : WEB-MISC - Revision : 5
2014-01-10 Sun Directory Server LDAP denial of service attempt
RuleID : 17452 - Type : WEB-MISC - Revision : 5
2014-01-10 Sun Directory Server LDAP denial of service attempt
RuleID : 17451 - Type : WEB-MISC - Revision : 5

Nessus® Vulnerability Scanner

id Description
2009-12-30 Name: The remote directory service is affected by multiple vulnerabilities.
File: sun_directory_proxy_server_multiple.nasl - Type: ACT_GATHER_INFO
2009-06-04 Name: The remote web server is running a web application that is affected by an inf...
File: sun_ds_help_info_disclosure.nasl - Type: ACT_ATTACK
2009-02-13 Name: The remote LDAP server is affected by a denial of service vulnerability.
File: sun_directory_server_ldap_req_dos.nasl - Type: ACT_GATHER_INFO
2008-05-01 Name: The remote LDAP proxy server is prone to an unauthorized access attack.
File: sun_directory_remote_admin_unauth_access.nasl - Type: ACT_GATHER_INFO
2007-10-12 Name: The remote host is missing Sun Security Patch number 125276-10
File: solaris10_125276.nasl - Type: ACT_GATHER_INFO
2007-07-12 Name: The remote LDAP server has multiple vulnerabilities.
File: sun_directory_server_multiple.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115614-28
File: solaris10_115614.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115615-28
File: solaris9_x86_115615.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115611-25
File: solaris9_x86_115611.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115614-28
File: solaris9_115614.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115610-25
File: solaris9_115610.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115614-28
File: solaris8_115614.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115610-25
File: solaris8_115610.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115615-28
File: solaris10_x86_115615.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115611-25
File: solaris10_x86_115611.nasl - Type: ACT_GATHER_INFO
2006-11-06 Name: The remote host is missing Sun Security Patch number 115610-25
File: solaris10_115610.nasl - Type: ACT_GATHER_INFO
2006-05-26 Name: The remote web server is protected with a default set of credentials.
File: sun_ds_server_console_access.nasl - Type: ACT_ATTACK
2006-02-13 Name: The remote LDAP server is prone to denial of service attacks.
File: sunone_ldap_dos.nasl - Type: ACT_DENIAL