PT-2009-6562 · Oracle · Sun Java System Directory Server Enterprise Edition

Publicado

2009-12-28

Atualizado

2010-06-13

CVE-2009-4441

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Sun Java System Directory Server Enterprise Edition versions 6.0 through 6.3.1

Description The issue is related to the Directory Proxy Server (DPS) not enabling the SO KEEPALIVE socket option, which can lead to a denial of service (connection slot exhaustion) via multiple connections from remote attackers.

Recommendations For versions 6.0 through 6.3.1, consider enabling the SO KEEPALIVE socket option to prevent connection slot exhaustion. As a temporary workaround, restrict the number of connections to the Directory Proxy Server to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2009-4441

Produtos afetados

Sun Java System Directory Server Enterprise Edition

PT-2009-6562 · Oracle · Sun Java System Directory Server Enterprise Edition

CVE-2009-4441

Identificadores relacionados

Produtos afetados

Referências · 7