The installed version is earlier than 6.3.1 Update 1. Such versions are potentially affected by multiple vulnerabilities:
- Under certain conditions, simultaneous long binds are incorrectly assigned the same backend connections. An attacker may exploit this flaw to hijack an authenticated user’s session and perform unauthorized operations. (CVE-2009-4440)
- The ‘SO_KEEPALIVE’ socket option is not enabled, so it may be possible for a remote attacker to trigger a denial of service condition by exhausting available connection slots. (CVE-2009-4441)
- The ‘max-client-connections’ configuration setting is not correctly implemented, so it may be possible for a remote attacker to trigger a denial of service condition. (CVE-2009-4442)
- An unspecified vulnerability in the ‘psearch’ functionality could allow an attacker to trigger a denial of service condition. (CVE-2009-4443)