CVE-2009-4441

3 documents3 sources

Severity

5.0MEDIUM

EPSS

1.8%

top 17.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Directory Server

Timeline

PublishedDec 28

Latest updateMay 2

Description

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsun/java_system_directory_server5 versions+4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-35hr-g25g-cfw6: Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6↗2022-05-02

▶

CVEList

CVE-2009-4441: Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6↗2009-12-28

▶