CVE-2009-4440
CVSS V2 Medium 6.8
CVSS V3 None
Description
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.
Overview
- CVE ID
- CVE-2009-4440
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2009-12-28T19:30:00
- Last Modified Date
- 2010-06-13T19:15:18
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:sun:java_system_directory_server:6.0:*:enterprise:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.8
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 6.4
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2009-4440 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4440 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 11:10:36 | Added to TrackCVE |