Lucene search
Tenable5289.PRMHistoryDec 30, 2009 - 12:00 a.m.
Sun Java System Directory Proxy Server 6.x < 6.3.1 Update 1 Multiple Vulnerabilities
2009-12-3000:00:00
Tenable
www.tenable.com
5
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.4%
The installed version is earlier than 6.3.1 Update 1. Such versions are potentially affected by multiple vulnerabilities :
- Under certain conditions simultaneous long binds are incorrectly assigned the same backed connections. An attacker may exploit this flaw to hijack an authenticated user’s session and perform unauthorized operations. (CVE-2009-4440)
- ‘SO_KEEPALIVE’ socket option is not enabled, and hence it may be possible for a remote attacker to trigger a denial of service condition by exhausting available connection slots. (CVE-2009-4441)
- ‘max-client-connections’ configuration setting is not correctly implemented, thus it may be possible for a remote attacker to trigger a denial of service condition. (CVE-2009-4442)
- An unspecified vulnerability in the ‘psearch’ functionality could allow an attacker to trigger a denial of service condition. (CVE-2009-4443)
Binary data 5289.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun | java_system_directory_server | cpe:/a:sun:java_system_directory_server |
Related
openvas
openvas
Sun Java System DSEE Multiple Vulnerabilities - Windows
2010-01-04 00:00:00
Sun Java System DSEE Multiple Vulnerabilities (Windows)
2010-01-04 00:00:00
nessus
nessus
prion
prion
Code injection
2009-12-28 19:30:00
Code injection
2009-12-28 19:30:00
Design/Logic Flaw
2009-12-28 19:30:00
nvd
nvd
cve
cve
cvelist
cvelist
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.4%
Related for 5289.PRM