Executive Summary
Summary | |
---|---|
Title | Sun Alert 270789 Directory Proxy Server Provided with Directory Server Enterprise Edition 6 is Subject to Denial of Service (DoS) and May Allow Unauthorized Access to Certain Data |
Informations | |||
---|---|---|---|
Name | SUN-270789 | First vendor Publication | 2009-12-23 |
Vendor | Sun | Last vendor Modification | 2009-12-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Java System Directory Server Enterprise Edition 6.0, Sun Java System Directory Server Enterprise Edition 6.1, Sun Java System Directory Server Enterprise Edition 6.2, Sun Java System Directory Server Enterprise Edition 6.3 Multiple security vulnerabilities in the Directory Proxy Serverprovided with Directory Server Enterprise Edition 6.x may allow aremote unprivileged user to do the following: - cause a client operation to run temporarily with another client's privileges under certain circumstances - cause the server to stop responding to new client connections, using specially forged packets - prevent the server from sending results to other 'psearch' clients using a specially designed 'psearch' client" State: Resolved First released: 23-Dec-2009 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_270789_directory_proxy |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-362 | Race Condition |
50 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-01-04 | Name : Sun Java System DSEE Multiple Vulnerabilities (Win) File : nvt/secpod_sun_java_dir_server_mult_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61417 | Sun Java System Directory Proxy Server SO_KEEPALIVE Connection Slot Exhaustio... |
61375 | Sun Java System Directory Proxy Server psearch Client Resource Exhaustion Rem... |
61374 | Sun Java System Directory Proxy Server New Client Connection Crafted Packet H... |
61373 | Sun Java System Directory Proxy Server Client Operation Remote Privilege Esca... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-01-07 | IAVM : 2010-B-0002 - Multiple Remote Vulnerabilities in Sun Java System Directory Server Severity : Category I - VMSKEY : V0022181 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-30 | Name : The remote directory service is affected by multiple vulnerabilities. File : sun_directory_proxy_server_multiple.nasl - Type : ACT_GATHER_INFO |