Lucene search

[email protected]CVE-2008-1995

HistoryApr 28, 2008 - 5:05 p.m.

CVE-2008-1995

2008-04-2817:05:00

CWE-264

[email protected]

web.nvd.nist.gov

sun java

directory proxy server

bypass

access restrictions

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the “bind-dn” criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.

Affected configurations

NVD

Node

sunjava_system_directory_serverMatch6.0

sunjava_system_directory_serverMatch6.1

sunjava_system_directory_serverMatch6.2

CPENameOperatorVersion
sun:java_system_directory_serversun java system directory servereq6.0
sun:java_system_directory_serversun java system directory servereq6.1
sun:java_system_directory_serversun java system directory servereq6.2

CPE	Name	Operator	Version
sun:java_system_directory_server	sun java system directory server	eq	6.0
sun:java_system_directory_server	sun java system directory server	eq	6.1
sun:java_system_directory_server	sun java system directory server	eq	6.2

References

secunia.com/advisories/29978

sunsolve.sun.com/search/document.do?assetkey=1-26-235381-1

www.securityfocus.com/bid/28941

www.securitytracker.com/id?1019925

www.vupen.com/english/advisories/2008/1374/references

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.8%

JSON

Related for CVE-2008-1995

nvd1 nessus1 prion1 cvelist1