Описание
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sun:java_system_directory_server:6.0:enterprise:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00744
Низкий
7.8 High
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.
EPSS
Процентиль: 73%
0.00744
Низкий
7.8 High
CVSS2
Дефекты
CWE-20