Java System Directory Server
CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-0313 | 0.04 | — | 0.09 | Jan 14, 2010 | The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message. | |||
| CVE-2006-0647 | 0.04 | — | 0.10 | Feb 13, 2006 | LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP… | |||
| CVE-2010-0897 | 0.00 | — | 0.03 | Apr 13, 2010 | Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Directory Service Markup… | |||
| CVE-2010-0708 | 0.00 | — | 0.02 | Feb 25, 2010 | Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of… | |||
| CVE-2009-4443 | 0.00 | — | 0.02 | Dec 28, 2009 | Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted… | |||
| CVE-2009-4442 | 0.00 | — | 0.02 | Dec 28, 2009 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making… | |||
| CVE-2009-4441 | 0.00 | — | 0.02 | Dec 28, 2009 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections,… | |||
| CVE-2009-4440 | 0.00 | — | 0.02 | Dec 28, 2009 | Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and… | |||
| CVE-2009-1332 | 0.00 | — | 0.02 | Apr 17, 2009 | The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors. | |||
| CVE-2009-0609 | 0.00 | — | 0.03 | Feb 17, 2009 | Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of… | |||
| CVE-2009-0576 | 0.00 | — | 0.03 | Feb 13, 2009 | Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests. | |||
| CVE-2008-1995 | 0.00 | — | 0.02 | Apr 28, 2008 | Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. | |||
| CVE-2007-3224 | 0.00 | — | 0.02 | Jun 14, 2007 | Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors. | |||
| CVE-2007-3225 | 0.00 | — | 0.02 | Jun 14, 2007 | Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. | |||
| CVE-2007-2466 | 0.00 | — | 0.03 | May 2, 2007 | Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. | |||
| CVE-2006-4175 | 0.00 | — | 0.03 | Mar 26, 2007 | The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized… | |||
| CVE-2006-3127 | 0.00 | — | 0.03 | Jun 21, 2006 | Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic… | |||
| CVE-2006-2513 | 0.00 | — | 0.02 | May 22, 2006 | Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | |||
| CVE-2005-3269 | 0.00 | — | 0.03 | Oct 20, 2005 | Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5)… | |||
| CVE-2003-1125 | 0.00 | — | 0.01 | Dec 31, 2003 | Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt). |
- CVE-2010-0313Jan 14, 2010risk 0.04cvss —epss 0.09
The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message.
- CVE-2006-0647Feb 13, 2006risk 0.04cvss —epss 0.10
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP…
- CVE-2010-0897Apr 13, 2010risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Directory Service Markup…
- CVE-2010-0708Feb 25, 2010risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of…
- CVE-2009-4443Dec 28, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted…
- CVE-2009-4442Dec 28, 2009risk 0.00cvss —epss 0.02
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making…
- CVE-2009-4441Dec 28, 2009risk 0.00cvss —epss 0.02
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections,…
- CVE-2009-4440Dec 28, 2009risk 0.00cvss —epss 0.02
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and…
- CVE-2009-1332Apr 17, 2009risk 0.00cvss —epss 0.02
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
- CVE-2009-0609Feb 17, 2009risk 0.00cvss —epss 0.03
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of…
- CVE-2009-0576Feb 13, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.
- CVE-2008-1995Apr 28, 2008risk 0.00cvss —epss 0.02
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.
- CVE-2007-3224Jun 14, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.
- CVE-2007-3225Jun 14, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors.
- CVE-2007-2466May 2, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.
- CVE-2006-4175Mar 26, 2007risk 0.00cvss —epss 0.03
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized…
- CVE-2006-3127Jun 21, 2006risk 0.00cvss —epss 0.03
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic…
- CVE-2006-2513May 22, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.
- CVE-2005-3269Oct 20, 2005risk 0.00cvss —epss 0.03
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5)…
- CVE-2003-1125Dec 31, 2003risk 0.00cvss —epss 0.01
Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).
Page 1 of 2