CVE-2009-4442

CWE-163 documents3 sources

Severity

5.0MEDIUM

EPSS

1.3%

top 20.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Directory Server

Timeline

PublishedDec 28

Latest updateMay 2

Description

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsun/java_system_directory_server5 versions+4

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-92g7-p9j3-942v: Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6↗2022-05-02

▶

CVEList

CVE-2009-4442: Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6↗2009-12-28

▶