Detections
Analytics
Sun Java System Directory Proxy Server 6.x < 6.3.1.1 Multiple Vulnerabilities.
medium Nessus Plugin ID 43615
Language:
Synopsis
The remote directory service is affected by multiple vulnerabilities.Description
The remote host is running the Sun Java System Directory Proxy Server, an LDAP application-layer protocol gateway. It is typically provided with Sun Java System Directory Server Enterprise Edition.The installed version of Sun Java System Directory Proxy Server is older than 6.3.1.1 and thus affected by multiple flaws :
- Under certain conditions, simultaneous long binds are incorrectly assigned the same back-end connection. An attacker may exploit this vulnerability to hijack an authenticated user's session and perform unauthorized operations. (CVE-2009-4440)
- 'SO_KEEPALIVE' socket option is not enabled, making it possible for a remote attacker to trigger a denial of service condition by exhausting available connection slots. (CVE-2009-4441)
- 'max-client-connections' configuration setting is not correctly implemented, making it possible for a remote attacker to trigger a denial of service condition.
(CVE-2009-4442)
- An unspecified vulnerability in 'psearch' functionality may allow an attacker to trigger a denial of service condition. (CVE-2009-4443)
Solution
Upgrade to Sun Java System Directory Server Enterprise Edition version 6.3.1 and then install patch 141958-01 or later.See Also
Plugin Details
Severity: Medium
ID: 43615
File Name: sun_directory_proxy_server_multiple.nasl
Version: 1.13
Type: remote
Family: Misc.
Published: 12/30/2009
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 12/23/2009
Vulnerability Publication Date: 12/23/2009
Reference Information
CVE: CVE-2009-4440, CVE-2009-4441, CVE-2009-4442, CVE-2009-4443
BID: 37481