Sun Java Enterprise System up to 3.11 Network Security Service resource management
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.7 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, was found in Sun Java Enterprise System up to 3.11 (Programming Language Software). Affected is some unknown functionality of the component Network Security Service. The manipulation with an unknown input leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. CVE summarizes:
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.
The weakness was published 06/21/2006 (Website). The advisory is shared for download at vupen.com. This vulnerability is traded as CVE-2006-3127 since 06/21/2006. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.
It is declared as proof-of-concept.
Applying a patch is able to eliminate this problem.
Similar entry is available at 2648.
Product
Type
Vendor
Name
Version
License
Support
- end of life
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
06/14/2006 🔍06/21/2006 🔍
06/21/2006 🔍
06/21/2006 🔍
11/01/2006 🔍
04/30/2007 🔍
03/12/2015 🔍
09/16/2017 🔍
Sources
Vendor: oracle.comAdvisory: vupen.com⛔
Status: Confirmed
CVE: CVE-2006-3127 (🔍)
SecurityTracker: 1016294 - Java Enterprise System (JES) Network Security Services (NSS) Memory Leak Lets Remote Users Deny Service
SecurityFocus: 20846 - RETIRED: Sun Java System Network Security Services Remote Denial of Service Vulnerability
Secunia: 25048 - Sun Java System Directory Server NSS Denial of Service, Moderately Critical
Vupen: ADV-2007-1573
See also: 🔍
Entry
Created: 03/12/2015 14:25Updated: 09/16/2017 14:43
Changes: 03/12/2015 14:25 (58), 09/16/2017 14:43 (6)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.