Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0647

4 documents4 sources

Severity

5.0MEDIUM

EPSS

15.8%

top 5.26%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Java System Directory Server

Timeline

PublishedFeb 13

Latest updateMay 1

Description

LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsun/java_system_directory_server5.2

🔴Vulnerability Details

GHSA

GHSA-8p78-whvw-25x2: LDAP service in Sun Java System Directory Server 5↗2022-05-01

▶

CVEList

CVE-2006-0647: LDAP service in Sun Java System Directory Server 5↗2006-02-13

▶

💥Exploits & PoCs

Exploit-DB

Sun ONE Directory Server 5.2 - Remote Denial of Service↗2006-02-08

▶