Lucene search

MitreCVE-2008-1995

HistoryApr 28, 2008 - 5:05 p.m.

CVE-2008-1995

2008-04-2817:05:00

CWE-264

mitre

web.nvd.nist.gov

sun java

directory proxy server

bypass

access restrictions

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.01

Percentile

83.7%

JSON

Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the “bind-dn” criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.

Affected configurations

Nvd

Node

sunjava_system_directory_serverMatch6.0

sunjava_system_directory_serverMatch6.1

sunjava_system_directory_serverMatch6.2

VendorProductVersionCPE
sunjava_system_directory_server6.0cpe:2.3:a:sun:java_system_directory_server:6.0:*:*:*:*:*:*:*
sunjava_system_directory_server6.1cpe:2.3:a:sun:java_system_directory_server:6.1:*:*:*:*:*:*:*
sunjava_system_directory_server6.2cpe:2.3:a:sun:java_system_directory_server:6.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sun	java_system_directory_server	6.0	cpe:2.3:a:sun:java_system_directory_server:6.0:::::::*
sun	java_system_directory_server	6.1	cpe:2.3:a:sun:java_system_directory_server:6.1:::::::*
sun	java_system_directory_server	6.2	cpe:2.3:a:sun:java_system_directory_server:6.2:::::::*

References

secunia.com/advisories/29978

sunsolve.sun.com/search/document.do?assetkey=1-26-235381-1

www.securityfocus.com/bid/28941

www.securitytracker.com/id?1019925

www.vupen.com/english/advisories/2008/1374/references

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.01

Percentile

83.7%

JSON

Related for CVE-2008-1995