CVE-2008-1995

CWE-2643 documents3 sources

Severity

7.5HIGH

EPSS

0.4%

top 39.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Directory Server

Timeline

PublishedApr 28

Latest updateMay 1

Description

Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/java_system_directory_server6.0, 6.1, 6.2+2

🔴Vulnerability Details

GHSA

GHSA-6rhq-jp74-wpph: Sun Java System Directory Proxy Server 6↗2022-05-01

▶

CVEList

CVE-2008-1995: Sun Java System Directory Proxy Server 6↗2008-04-28

▶