Directory Proxy Server Vulnerability in Sun Java System Directory Server
CVE-2009-4440
Currently unrated
Summary
The Directory Proxy Server component in Sun Java System Directory Server Enterprise Edition versions 6.0 to 6.3.1 improperly handles multiple client connections made in quick succession. This flaw can allow remote attackers to hijack backend connections belonging to authenticated users. The issue is particularly significant in scenarios involving 'long binds', where an attacker can connect opportunistically, gain unauthorized privileges, and effectively impersonate a legitimate user.
References
Timeline
Vulnerability published
Vulnerability Reserved