PT-2006-4023 · Oracle+1 · Sun Java System Directory Server+2
Published: 2006-06-21 · Updated: 2011-03-07 · CVE-2006-3127
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Network Security Services (NSS) version 3.11
Sun Java Enterprise System versions 2003Q4 through 2005Q1
Java System Directory Server version 5.2
Description
A memory leak in the Network Security Services (NSS) allows remote attackers to cause a denial of service by performing a large number of RSA cryptographic operations, leading to memory consumption.
Recommendations
For Network Security Services (NSS) version 3.11, consider restricting the number of RSA cryptographic operations to minimize the risk of exploitation.
For Sun Java Enterprise System versions 2003Q4 through 2005Q1, restrict access to RSA cryptographic operations until a fix is available.
For Java System Directory Server version 5.2, limit the number of concurrent RSA cryptographic operations to prevent memory consumption.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Sun Java System Directory Server
Network Security Services
Sun Java Enterprise System