Oracle Sun Java System Directory Server CVE-2010-0897 Multiple Remote Vulnerabilities
BID:39453
Info
| Bugtraq ID: | 39453 |
| Class: | Unknown |
| CVE: | CVE-2010-0897 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2010 12:00AM |
| Updated: | Apr 15 2010 06:03PM |
| Credit: | Anonymous researcher working with Zero Day Initiative |
| Vulnerable: | Sun Java System Directory Server Enterprise Edition 6.3.1; Sun Java System Directory Server Enterprise Edition 6.3; Sun Java System Directory Server Enterprise Edition 6.2; Sun Java System Directory Server Enterprise Edition 6.1; Sun Java System Directory Server Enterprise Edition 6.0; Sun Java System Directory Server 5.2 Patch6; Sun Java System Directory Server 5.2 Patch4; Sun Java System Directory Server 5.2 Patch3; Sun Java System Directory Server 5.2 Patch2; Sun Java System Directory Server 5.2 2005Q4; Sun Java System Directory Server 5.2 2005Q1; Sun Java System Directory Server 5.2 2004Q2; Sun Java System Directory Server 5.2 2003Q4; Sun Java System Directory Server 5.2 |
| Not Vulnerable: | |
Discussion
Oracle Sun Java System Directory Server is prone to multiple remote vulnerabilities.
These vulnerabilities can be exploited over the 'LDAP' and 'HTTP' protocols. Remote attackers can exploit these issues without authenticating.
Successful exploits will allow attackers to execute arbitrary code in the context of the vulnerable application or cause denial-of-service conditions.
These vulnerabilities affect the following supported versions:
5.2, 6.0, 6.1, 6.2, 6.3, 6.3.1
Exploit / POC
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Vendor updates are available. Please contact the vendor for more information.
Sun Java System Directory Server 5.2 Patch6
Sun Java System Directory Server Enterprise Edition 6.3.1
References
References:
- ZDI-10-073: Sun Microsystems Directory Server DSML-over-HTTP Username Search Den (Zero Day Initiative)
- ZDI-10-074: Sun Microsystems Directory Server Enterprise ASN.1 Parsing Remote Co (Zero Day Initiative)
- ZDI-10-075: Sun Microsystems Directory Server Enterprise DSML UTF-8 Denial of Se (Zero Day Initiative)
- Oracle Critical Patch Update April 2010 (Oracle)
- This Alert covers CVE-2010-0897 for the Sun Java System Directory Server product (Oracle)