Improper input validation in Sun Java_system_directory_server

CVE-2009-0609

Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.025 (82.9th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_directory_server — versions 6.0, 6.1, 6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, Patch, x_refsource_SUNALERT, Vendor Advisory)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)