CVE-2009-0609
https://notcve.org/view.php?id=CVE-2009-0609
Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests.
References:
• http://secunia.com/advisories/33923
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-125276-08-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-251086-1
• http://www.securityfocus.com/bid/33761
CWE-20: Improper Input Validation
CVE-2009-0576
https://notcve.org/view.php?id=CVE-2009-0576
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.
References:
• http://secunia.com/advisories/33850
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-116837-04-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-250086-1
• http://www.securityfocus.com/bid/33732
• http://www.vupen.com/english/advisories/2009/0409
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48662
CVE-2009-0348 – Sun Java System Access Manager 7.1 - 'Username' Enumeration
https://notcve.org/view.php?id=CVE-2009-0348
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References:
• https://www.exploit-db.com/exploits/32762
• http://secunia.com/advisories/33688
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1
• http://www.securityfocus.com/bid/33489
• http://www.vupen.com/english/advisories/2009/0269
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48283
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-0278
https://notcve.org/view.php?id=CVE-2009-0278
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
References:
• http://osvdb.org/51604
• http://secunia.com/advisories/33725
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-119166-35-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-245446-1
• http://www.securityfocus.com/bid/33397
• http://www.vupen.com/english/advisories/2009/0208
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48161
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2009-0170
https://notcve.org/view.php?id=CVE-2009-0170
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
References:
• http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1
• http://www.securityfocus.com/bid/33265
• http://www.securitytracker.com/id?1021605
• http://www.vupen.com/english/advisories/2009/0156
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47942
CWE-255: Credentials Management Errors
CWE-264: Permissions, Privileges, and Access Controls