PT-2012-3870 · IBM · IBM Rational Directory Server +2

Published: 2012-08-08 · Updated: 2017-08-29 · CVE-2012-2191

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

IBM Global Security Kit (GSKit) versions prior to 8.0.14.22
IBM Rational Directory Server versions prior to 8.0.14.22
IBM Tivoli Directory Server versions prior to 8.0.14.22

Description

The issue is related to the improper validation of data during the execution of a protection mechanism against the Vaudenay SSL CBC timing attack. This allows remote attackers to cause a denial of service, resulting in an application crash, via crafted values in the TLS Record Layer.

Recommendations

For IBM Global Security Kit (GSKit) versions prior to 8.0.14.22, update to version 8.0.14.22 or later.
For IBM Rational Directory Server versions prior to 8.0.14.22, update to version 8.0.14.22 or later.
For IBM Tivoli Directory Server versions prior to 8.0.14.22, update to version 8.0.14.22 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2012-2191

Affected Products

IBM Global Security Kit
IBM Rational Directory Server
IBM Tivoli Directory Server