Vulnerability Details : CVE-2009-4443

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978.

Vulnerability category: Denial of service

Published 2009-12-28 19:30:01

Updated 2010-06-13 19:15:18

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-4443

Probability of exploitation activity in the next 30 days: 1.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-4443

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2009-4443

Products affected by CVE-2009-4443

SUN » Java System Directory Server » Version: 6.0 Enterprise Edition
cpe:2.3:a:sun:java_system_directory_server:6.0:*:enterprise:*:*:*:*:*
Matching versions
SUN » Java System Directory Server » Version: 6.1 Update Enterprise
cpe:2.3:a:sun:java_system_directory_server:6.1:enterprise:*:*:*:*:*:*
Matching versions
SUN » Java System Directory Server » Version: 6.2 Update Enterprise
cpe:2.3:a:sun:java_system_directory_server:6.2:enterprise:*:*:*:*:*:*
Matching versions
SUN » Java System Directory Server » Version: 6.3 Update Enterprise
cpe:2.3:a:sun:java_system_directory_server:6.3:enterprise:*:*:*:*:*:*
Matching versions
SUN » Java System Directory Server » Version: 6.3.1 Update Enterprise
cpe:2.3:a:sun:java_system_directory_server:6.3.1:enterprise:*:*:*:*:*:*
Matching versions