CVE-2009-4443

high

Description

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.

References

http://www.vupen.com/english/advisories/2009/3647

http://www.securitytracker.com/id?1023389

http://www.securityfocus.com/bid/37481

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1

http://secunia.com/advisories/37915

Details

Source: Mitre, NVD

Published: 2009-12-28

Updated: 2010-06-13

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High