CVE-2009-1139

high

Description

Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018

http://www.vupen.com/english/advisories/2009/1537

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

http://www.securitytracker.com/id?1022349

http://www.securityfocus.com/bid/35225

http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm

http://secunia.com/advisories/35355

http://osvdb.org/54938

Details

Source: Mitre, NVD

Published: 2009-06-10

Updated: 2019-04-30

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High