CVE-2009-4440

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:java_system_directory_server:6.0:*:enterprise:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:*

History

No history.

Information

Published : 2009-12-28 19:30

Updated : 2024-02-28 11:41


NVD link : CVE-2009-4440

Mitre link : CVE-2009-4440

CVE.ORG link : CVE-2009-4440


JSON object : View

Products Affected

sun

  • java_system_directory_server
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')