Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 270789 Directory Proxy Server Provided with Directory Server Enterprise Edition 6 is Subject to Denial of Service (DoS) and May Allow Unauthorized Access to Certain Data |
| Information | | | |
|---|---|---|---|
| Name | SUN-270789 | First vendor Publication | 2009-12-23 |
| Vendor | Sun | Last vendor Modification | 2009-12-23 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | | | |
|---|---|---|---|
| Overall CVSS Score | NA | | |
| Base Score | NA | Environmental Score | NA |
| Impact SubScore | NA | Temporal Score | NA |
| Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | | | |
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Product: Sun Java System Directory Server Enterprise Edition 6.0, Sun Java System Directory Server Enterprise Edition 6.1, Sun Java System Directory Server Enterprise Edition 6.2, Sun Java System Directory Server Enterprise Edition 6.3

Multiple security vulnerabilities in the Directory Proxy Server provided with Directory Server Enterprise Edition 6.x may allow a remote unprivileged user to do the following:

- cause a client operation to run temporarily with another client's privileges under certain circumstances
- cause the server to stop responding to new client connections, using specially forged packets
- prevent the server from sending results to other 'psearch' clients using a specially designed 'psearch' client

State: Resolved

First released: 23-Dec-2009
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_270789_directory_proxy |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-362 | Race Condition |
| 50 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-01-04 | Name : Sun Java System DSEE Multiple Vulnerabilities (Win) File : nvt/secpod_sun_java_dir_server_mult_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 61417 | Sun Java System Directory Proxy Server SO_KEEPALIVE Connection Slot Exhaustio... |
| 61375 | Sun Java System Directory Proxy Server psearch Client Resource Exhaustion Rem... |
| 61374 | Sun Java System Directory Proxy Server New Client Connection Crafted Packet H... |
| 61373 | Sun Java System Directory Proxy Server Client Operation Remote Privilege Esca... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2010-01-07 | IAVM : 2010-B-0002 - Multiple Remote Vulnerabilities in Sun Java System Directory Server Severity : Category I - VMSKEY : V0022181 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-12-30 | Name : The remote directory service is affected by multiple vulnerabilities. File : sun_directory_proxy_server_multiple.nasl - Type : ACT_GATHER_INFO |










