CVE-2009-4440
Last modified
CVE-2009-4440 is a vulnerability of currently unknown severity. Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.. EPSS estimates a 1.60% chance of exploitation in the next 30 days.
Description
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Sun | Java System Directory Server | 6.0 | — |
| Sun | Java System Directory Server | 6.1 | Enterprise |
| Sun | Java System Directory Server | 6.2 | Enterprise |
| Sun | Java System Directory Server | 6.3 | Enterprise |
References
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1Patch, Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-4440?
How severe is CVE-2009-4440?
How do I fix CVE-2009-4440?
Are you affected by CVE-2009-4440?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST