- Description
- Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_directory_server:6.0:enterprise:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F302F27-68F5-4B92-8579-8568B13D849C"
},
{
"criteria": "cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3FDCE4B-38AC-4843-82B5-7EF85750ACFE"
},
{
"criteria": "cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8490D6F-42B3-4602-84A5-BBDD4315F366"
},
{
"criteria": "cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FE986BB-D278-4B34-9DC1-5D3102F94AF1"
}
],
"operator": "OR"
}
]
}
]