CVE-2009-4440

Date: (C)2009-12-28   (M)2015-12-16
 
CVSS Score: 6.8
Exploitability Subscore: 8.6
Impact Subscore: 6.4
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.

Reference:
SECTRACK-1023389
SUNALERT-270789
BID-37481
SECUNIA-37915
ADV-2009-3647
IAVM:2010-B-0002
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1

CWE:
CWE-362

© 2013 SecPod Technologies