CVE-2009-4441

2009-12-2819:30:00

[email protected]

web.nvd.nist.gov

cve-2009-4441

directory proxy server

sun java system directory server enterprise edition

so_keepalive

denial of service

bug id 6782659

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.4%

JSON

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659.

Affected configurations

NVD

Node

sunjava_system_directory_serverMatch6.0enterprise

sunjava_system_directory_serverMatch6.1enterprise

sunjava_system_directory_serverMatch6.2enterprise

sunjava_system_directory_serverMatch6.3enterprise

sunjava_system_directory_serverMatch6.3.1enterprise

CPENameOperatorVersion
sun:java_system_directory_serversun java system directory servereq6.0
sun:java_system_directory_serversun java system directory servereq6.1
sun:java_system_directory_serversun java system directory servereq6.2
sun:java_system_directory_serversun java system directory servereq6.3
sun:java_system_directory_serversun java system directory servereq6.3.1

CPE	Name	Operator	Version
sun:java_system_directory_server	sun java system directory server	eq	6.0
sun:java_system_directory_server	sun java system directory server	eq	6.1
sun:java_system_directory_server	sun java system directory server	eq	6.2
sun:java_system_directory_server	sun java system directory server	eq	6.3
sun:java_system_directory_server	sun java system directory server	eq	6.3.1