CVE-2006-3127 - Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 th

CVE-2006-3127

Summary

Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.

References

Vulnerable Configurations

cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_enterprise_system:2005q1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_enterprise_system:2005q1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:5.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_directory_server:5.2:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 07-03-2011 - 05:00)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	18604 20846
fedora	FEDORA-2006-728
sectrack	1016294
secunia	25048
sunalert	102461 102896
vupen	ADV-2007-1573

Last major update

07-03-2011 - 05:00

Published

21-06-2006 - 23:02

Last modified

07-03-2011 - 05:00