CVE-2006-3127 - Vulnerability Details - OpenCVE

Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Java Enterprise System Java System Directory Server

Configuration 1 [-]

OR	cpe:2.3:a:sun:java_enterprise_system:2003q4:::::::*
	cpe:2.3:a:sun:java_enterprise_system:2004q2:::::::*
	cpe:2.3:a:sun:java_enterprise_system:2005q1:::::::*
	cpe:2.3:a:sun:java_system_directory_server:5.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/25048
http://securitytracker.com/id?1016294
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1
http://www.redhat.com/archives/fedora-package-announce/2006-June/msg00155.html
http://www.securityfocus.com/bid/18604
http://www.securityfocus.com/bid/20846
http://www.vupen.com/english/advisories/2007/1573

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01679}`	epss `{'score': 0.02052}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-21T23:00:00

Updated: 2024-08-07T18:16:05.966Z

Reserved: 2006-06-21T00:00:00

Link: CVE-2006-3127

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-06-21T23:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3127

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-06-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "18604", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18604"}, {"name": "102461", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1"}, {"name": "ADV-2007-1573", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1573"}, {"name": "1016294", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016294"}, {"name": "25048", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25048"}, {"name": "102896", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1"}, {"name": "FEDORA-2006-728", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2006-June/msg00155.html"}, {"name": "20846", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20846"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3127", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18604", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18604"}, {"name": "102461", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1"}, {"name": "ADV-2007-1573", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1573"}, {"name": "1016294", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016294"}, {"name": "25048", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25048"}, {"name": "102896", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1"}, {"name": "FEDORA-2006-728", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2006-June/msg00155.html"}, {"name": "20846", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20846"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:16:05.966Z"}, "title": "CVE Program Container", "references": [{"name": "18604", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18604"}, {"name": "102461", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1"}, {"name": "ADV-2007-1573", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1573"}, {"name": "1016294", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016294"}, {"name": "25048", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25048"}, {"name": "102896", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1"}, {"name": "FEDORA-2006-728", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2006-June/msg00155.html"}, {"name": "20846", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20846"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3127", "datePublished": "2006-06-21T23:00:00", "dateReserved": "2006-06-21T00:00:00", "dateUpdated": "2024-08-07T18:16:05.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*", "matchCriteriaId": "DC8DFE4D-1FB6-41D7-AAB6-82400C6B4504", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*", "matchCriteriaId": "132976FA-A42E-4CC0-8C8F-9A034A046B07", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_enterprise_system:2005q1:*:*:*:*:*:*:*", "matchCriteriaId": "50246E42-89BE-4F08-A7D0-22977C985C8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_directory_server:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "083E8ACF-7A6B-4C7C-B1E1-1567D09A8E4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations."}, {"lang": "es", "value": "Fallo de memoria en la Red de Servicios de Seguridad (NSS) 3.11, tal como se utiliza en Sun Java Enterprise System 2003Q4 2005Q1 y por medio de Java System Directory Server 5.2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria) mediante la realizaci\u00f3n de un gran n\u00famero de operaciones de cifrado RSA ."}], "id": "CVE-2006-3127", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-21T23:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25048"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016294"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-package-announce/2006-June/msg00155.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18604"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20846"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1573"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102896-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-package-announce/2006-June/msg00155.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20846"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/1573"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}