CVE-2009-4443

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1	Patch Vendor Advisory
http://www.securitytracker.com/id?1023389
http://secunia.com/advisories/37915
http://www.securityfocus.com/bid/37481
http://www.vupen.com/english/advisories/2009/3647

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sun:java_system_directory_server:6.3.1:enterprise::::::
	cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise::::::
	cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise::::::
	cpe:2.3:a:sun:java_system_directory_server:6.0::enterprise:::::
	cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise::::::

Information

Published : 2009-12-28 11:30

Updated : 2010-06-13 12:15

NVD link : CVE-2009-4443

Mitre link : CVE-2009-4443

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

sun

java_system_directory_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1", "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1", "name": "270789", "tags": ["Patch", "Vendor Advisory"], "refsource": "SUNALERT"}, {"url": "http://www.securitytracker.com/id?1023389", "name": "1023389", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/37915", "name": "37915", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/37481", "name": "37481", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2009/3647", "name": "ADV-2009-3647", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4443", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-12-28T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:6.3.1:enterprise:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:6.0:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-06-13T19:15Z"}

4.3 /10