CVE-2009-4440

Published: Dec 28, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

ADV-2009-3647 (vdb-entry, x_refsource_VUPEN)
37481 (vdb-entry, x_refsource_BID)
1023389 (vdb-entry, x_refsource_SECTRACK)
270789 (vendor-advisory, x_refsource_SUNALERT)
37915 (third-party-advisory, x_refsource_SECUNIA)
