Lucene search

K
cve[email protected]CVE-2009-4442
HistoryDec 28, 2009 - 7:30 p.m.

CVE-2009-4442

2009-12-2819:30:00
CWE-16
web.nvd.nist.gov
25
cve-2009-4442
directory proxy server
dps
sun java system
denial of service
nvd
bug id 6648665

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.4%

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665.

Affected configurations

NVD
Node
sunjava_system_directory_serverMatch6.0enterprise
OR
sunjava_system_directory_serverMatch6.1enterprise
OR
sunjava_system_directory_serverMatch6.2enterprise
OR
sunjava_system_directory_serverMatch6.3enterprise
OR
sunjava_system_directory_serverMatch6.3.1enterprise

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.4%

Related for CVE-2009-4442