CVE-2009-4440

2009-12-2819:30:00

CWE-362

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.014

Percentile

86.4%

JSON

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to “long binds,” aka Bug Ids 6828462 and 6823593.

Affected configurations

Nvd

Node

sunjava_system_directory_serverMatch6.0enterprise

sunjava_system_directory_serverMatch6.1enterprise

sunjava_system_directory_serverMatch6.2enterprise

sunjava_system_directory_serverMatch6.3enterprise

VendorProductVersionCPE
sunjava_system_directory_server6.0cpe:2.3:a:sun:java_system_directory_server:6.0:*:enterprise:*:*:*:*:*
sunjava_system_directory_server6.1cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:*
sunjava_system_directory_server6.2cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:*
sunjava_system_directory_server6.3cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_directory_server	6.0	cpe:2.3:a:sun:java_system_directory_server:6.0::enterprise:::::
sun	java_system_directory_server	6.1	cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise::::::
sun	java_system_directory_server	6.2	cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise::::::
sun	java_system_directory_server	6.3	cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise::::::