Detections
Analytics
Sun Java System Directory Proxy Server 6.x < 6.3.1 Update 1 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 5289
Synopsis
The remote host is running the Sun Java system Directory Proxy Server, and LDAP proxy server from Sun Microsystems.Description
The installed version is earlier than 6.3.1 Update 1. Such versions are potentially affected by multiple vulnerabilities :- Under certain conditions simultaneous long binds are incorrectly assigned the same backed connections. An attacker may exploit this flaw to hijack an authenticated user's session and perform unauthorized operations. (CVE-2009-4440)
- 'SO_KEEPALIVE' socket option is not enabled, and hence it may be possible for a remote attacker to trigger a denial of service condition by exhausting available connection slots. (CVE-2009-4441)
- 'max-client-connections' configuration setting is not correctly implemented, thus it may be possible for a remote attacker to trigger a denial of service condition. (CVE-2009-4442)
- An unspecified vulnerability in the 'psearch' functionality could allow an attacker to trigger a denial of service condition. (CVE-2009-4443)
Solution
Upgrade to Sun Java System Directory Server 6.3.1 and apply patch 141958-01See Also
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1
Plugin Details
Severity: Medium
ID: 5289
Family: Generic
Published: 12/30/2009
Updated: 3/6/2019
Nessus ID: 43615
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.4
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:sun:java_system_directory_server
Patch Publication Date: 12/23/2009
Vulnerability Publication Date: 12/23/2009
Reference Information
CVE: CVE-2009-4440, CVE-2009-4441, CVE-2009-4442, CVE-2009-4443
BID: 37481