PT-2012-3870 · Ibm · Ibm Rational Directory Server+2
Publicado
2012-08-08
·
Atualizado
2017-08-29
·
CVE-2012-2191
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
IBM Global Security Kit (GSKit) versions prior to 8.0.14.22
IBM Rational Directory Server versions prior to 8.0.14.22
IBM Tivoli Directory Server versions prior to 8.0.14.22
Description
The issue is related to the improper validation of data during the execution of a protection mechanism against the Vaudenay SSL CBC timing attack. This allows remote attackers to cause a denial of service, resulting in an application crash, via crafted values in the TLS Record Layer.
Recommendations
For IBM Global Security Kit (GSKit) versions prior to 8.0.14.22, update to version 8.0.14.22 or later.
For IBM Rational Directory Server versions prior to 8.0.14.22, update to version 8.0.14.22 or later.
For IBM Tivoli Directory Server versions prior to 8.0.14.22, update to version 8.0.14.22 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Global Security Kit
Ibm Rational Directory Server
Ibm Tivoli Directory Server