CVE-2009-1093 — JDK vulnerability

CWE-166 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

9.4%

top 7.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JDK SUN JRE SUN SDK

Timeline

PublishedMar 25

Latest updateMay 2

Description

LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang).

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDsun/jdk1.5.0+3

▶NVDsun/jre1.5.0+48

▶NVDsun/sdk1.3.1_24+48

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-4qmv-gqgr-jxhq: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5↗2022-05-02

▶

CVEList

CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5↗2009-03-25

▶

📋Vendor Advisories

Ubuntu

OpenJDK vulnerabilities↗2009-03-26

▶

Red Hat

OpenJDK remote LDAP Denial-Of-Service (6717680)↗2009-03-25

▶

💬Community

Bugzilla

CVE-2009-1093 OpenJDK remote LDAP Denial-Of-Service (6717680)↗2009-03-13

▶