CVE-2006-4175

Name: CVE-2006-4175
Creator: NVD / NIST
Published: 2007-03-26T23:19:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.43%

Last modified Jun 16, 2026

CVE-2006-4175 is a vulnerability of currently unknown severity. The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.. EPSS estimates a 3.43% chance of exploitation in the next 30 days.

Description

The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.

Metrics

EPSS Probability

3.43%

87.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-824

Affected Software

Vendor	Product	Versions
Sun	Java System Directory Server	5.2
Sun	One Directory Server	5.1
Sun	One Directory Server	5.2

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=491Broken Link, Vendor Advisory
http://secunia.com/advisories/24634Broken Link, Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-1Broken Link
http://www.osvdb.org/33524Broken Link
http://www.securityfocus.com/bid/23117Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1017814Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/1090Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/33189Third Party Advisory, VDB Entry
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=491Broken Link, Vendor Advisory
http://secunia.com/advisories/24634Broken Link, Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102853-1Broken Link
http://www.osvdb.org/33524Broken Link
http://www.securityfocus.com/bid/23117Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1017814Broken Link, Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2007/1090Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/33189Third Party Advisory, VDB Entry

Timeline

Published: Mar 26, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-4175?

How severe is CVE-2006-4175?

Severity scoring for CVE-2006-4175 is pending analysis. The EPSS model estimates a 3.43% probability of exploitation in the next 30 days.

How do I fix CVE-2006-4175?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-4175?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST