CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
83.9%
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
sun | java_system_directory_proxy_server | 5.2 | cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2003q4:*:*:*:*:*:* |
sun | java_system_directory_proxy_server | 5.2 | cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2004q2:*:*:*:*:*:* |
sun | java_system_directory_proxy_server | 5.2 | cpe:2.3:a:sun:java_system_directory_proxy_server:5.2:2005q1:*:*:*:*:*:* |
sun | java_system_directory_server | 5.2 | cpe:2.3:a:sun:java_system_directory_server:5.2:*:*:*:*:*:*:* |
sun | java_system_directory_server | 5.2 | cpe:2.3:a:sun:java_system_directory_server:5.2:2003q4:*:*:*:*:*:* |
sun | java_system_directory_server | 5.2 | cpe:2.3:a:sun:java_system_directory_server:5.2:2004q2:*:*:*:*:*:* |
sun | java_system_directory_server | 5.2 | cpe:2.3:a:sun:java_system_directory_server:5.2:2005q1:*:*:*:*:*:* |
sun | one_administration_server | 5.2 | cpe:2.3:a:sun:one_administration_server:5.2:*:*:*:*:*:*:* |
sun | one_directory_server | 4.16 | cpe:2.3:a:sun:one_directory_server:4.16:*:*:*:*:*:*:* |
sun | one_directory_server | 4.16 | cpe:2.3:a:sun:one_directory_server:4.16:sp1:*:*:*:*:*:* |
marc.info/?l=bugtraq&m=112862037500012&w=2
marc.info/?l=bugtraq&m=113815459026080&w=2
secunia.com/advisories/17092
secunia.com/advisories/18590
securityreason.com/securityalert/367
securityreason.com/securityalert/51
securitytracker.com/id?1015014
securitytracker.com/id?1015536
securitytracker.com/id?1015537
securitytracker.com/id?1015538
sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1
sunsolve.sun.com/search/document.do?assetkey=1-26-102002-1
sunsolve.sun.com/search/document.do?assetkey=1-66-228419-1
www.securityfocus.com/bid/15013
www.securityfocus.com/bid/16345
www.vupen.com/english/advisories/2005/1988
exchange.xforce.ibmcloud.com/vulnerabilities/24311