Vulnerability Name:

CVE-2006-5654 (CCN-29946)

Assigned: 2006-10-31
Published: 2006-10-31
Updated: 2017-07-20
Summary: Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors.
Note: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2006-5654

Source: CCN
Type: SA22646
Sun ONE/Java System Web Server NSS Denial of Service

Source: SECUNIA
Type: Vendor Advisory
22646

Source: CCN
Type: SECTRACK ID: 1017143
Sun Java Application Server SSLv2 Buffer Overflow Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1017143

Source: CCN
Type: Sun Alert ID: 102670
A Vulnerability in Network Security Services (NSS) Affects Sun Java System Web Server and Sun ONE Application Server

Source: SUNALERT
Type: UNKNOWN
102670

Source: CCN
Type: US-CERT VU#594904
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability

Source: BID
Type: UNKNOWN
20846

Source: CCN
Type: BID-20846
RETIRED: Sun Java System Network Security Services Remote Denial of Service Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-4299

Source: XF
Type: UNKNOWN
sun-java-nss-dos(29946)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:*:update_2:*:*:*:*:*:* (Version <= 7.0)

Configuration CCN 1:
  • cpe:/a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0::sparc:*:*:*:*:*

  • * Denotes that component is vulnerable
    sun java system web server 6.0 sp9
    sun one application server * update_2
    sun java system web server 6.0 sp8
    sun one application server 7.0
    sun java system web server 6.0
    sun java system web server 6.0 sp1
    sun java system web server 6.0 sp2
    sun java system web server 6.0 sp3
    sun java system web server 6.0 sp4
    sun java system web server 6.0 sp5
    sun java system web server 6.0 sp6
    sun java system web server 6.0 sp7
    sun java system web server 6.0 sp9
    sun solaris
    sun solaris 10.0