Vulnerability in Sun Java_system_directory_server

CVE-2009-4440

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend conn…

Vulnerability class: Race Condition

EPSS: 0.016 (72.7th percentile) — read the EPSS interpretation.

Affected products

Sun Java_system_directory_server — versions 6.0, 6.1, 6.2
N/a — versions n/a

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

cve@mitre.org (vdb-entry, x_refsource_VUPEN)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (vendor-advisory, Patch, x_refsource_SUNALERT, Vendor Advisory)
cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)