850 matches found
CVE-2007-2466
CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...
Solaris 10 (x86) : 122794-36 (deprecated)
Sun Java System Communications Express 6.3-23.01x86: core patch. Date this patch was last updated by Sun: Jun/25/12. This plugin has been deprecated and either replaced with individual 122794 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 (C) Tenable Network Security,...
Solaris 10 (sparc) : 122793-36 (deprecated)
Sun Java System Communications Express 6.3-23.01: core patch. Date this patch was last updated by Sun: Jun/25/12. This plugin has been deprecated and either replaced with individual 122793 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc...
Solaris 9 (sparc) : 122793-36
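Sun Java System Communications Express 6.3-23.01: core patch. Date this patch was last updated by Sun: Jun/25/12. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
Sun Java System Directory Server Uninitialized Pointer Remote Memory Corruption Vulnerability
Sun Java System Directory Server is an LDAP server developed by Sun. Sun Java System Directory Server contains a design error that remote attackers can exploit to carry out a denial-of-service attack against the server process. The problem lies in the cleanup code for certain types of failed queries, which can cause the server to call free with an address taken from uninitialized memory; the reference to invalid memory can result in a denial of service. For Sun Java System Directory Server 5.2, refer to the following patch: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-...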
CVE-2006-4175
The CVE-2006-4175 issue affects Sun Java System Directory Server and ONE Directory Server (ns-slapd) versions 5.2 Patch4 and earlier, and 5.1/5.2 for ONE. Affected component: LDAP server; root cause: malformed BER queries in the BER decoding/cleanup path lead to a free of uninitialized memory. Im...
CVE-2006-4175
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations...
iDefense Security Advisory 03.23.07: Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability
Sun Java System Directory Server 5.2 Uninitialized Pointer Cleanup Design Error Vulnerability iDefense Security Advisory 03.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 23, 2007 I. BACKGROUND Sun Java System Directory Server is an LDAP server distributed by Sun with multiple...
CVE-2007-1526
CVE-2007-1526 affects Sun Java System Web Server 6.1 prior to 20070314. The flaw allows remote authenticated users with revoked client certificates to bypass CRL checks and access secure web server instances running under a different admin account via unspecified vectors. Remediation in the conne...
Code injection
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...
CVE-2007-1488
Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...
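Sun Java System Web Server Certificate Revocation Access Control Bypass Vulnerability
Sun Java System Application Server and Web Server are both application servers compatible with the J2EE platform. A security vulnerability in Sun Java System Web Server may allow local or remote users to obtain authorized access to certain Web server instances. If a secure Web server instance is created through the Administration Server as a non-root instance and the Administration Server is configured to run with root privileges, this vulnerability may allow users with revoked client certificates to access the Web server instance under certain conditions, even if a valid certificate revocation list (CRL) file has been installed for that instance. The vulnerability affects a host only when both of the following conditions are met: 1. It contains a certificate revocation list (CRL) that meets certain criteria 2...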
Heap overflow
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to...
CVE-2007-0009
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote...
CVE-2007-0008
CVE-2007-0008 is an NSS heap-based overflow caused by an integer underflow when processing an SSLv2 server message with a key too short to encrypt the Master Secret. It affects SeaMonkey, Firefox, and Thunderbird around NSS usage and was addressed by updating to fixed NSS-containing packages (e.g...
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
Overview: The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description: The Sun One Application Server provides a Java 2 Platform for delivering Java...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third...
CVE-2007-0628
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third...
CVE-2007-0628
CVE-2007-0628 concerns multiple XSS vulnerabilities in Sun Java System Access Manager versions 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) prior to 20070129. The flaws allow remote attackers to inject arbitrary web script or HTML through the goto or gx-charset parameters. The NVD entry lists a C...