Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 up to and including 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote malicious users to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java system directory server 6.2 |
||
sun java system directory server 6.3 |
||
sun java system directory server 6.0 |
||
sun java system directory server 6.1 |