CVSS: 4.3EPSS: 0%CPEs: 140EXPL: 0CVE-2015-0138 – JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)
https://notcve.org/view.php?id=CVE-2015-0138
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. GSKit en IBM Tivoli Directory Server (ITDS) 6.0 anterior a 6.0.0.73-ISS-ITDS-IF0073, 6.1 anterior a 6.1.0.66-ISS-ITDS-IF0066, 6.2 anterior a 6.2.0.42-ISS-ITDS-IF0042, y 6.3 anterior a 6.3.0.35-ISS-ITDS-IF0035 e IBM Security Directory Server (ISDS) 6.3.1 anterior a 6.3.1.9-ISS-ISDS-IF0009 no restringe correctamente las transiciones de estados de TLS, lo que facilita a atacantes remotos realizar ataques de degradación de cifrado sobre los cifrados EXPORT_RSA a través de trafico de TLS manipulado, relacionado con el problema 'FREAK', una vulnerabilidad diferente a CVE-2015-0204. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-1006.html http://rhn.redhat.com/errata/RHSA-2015-1007.html http://rhn.redhat.com&#x • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.0EPSS: 2%CPEs: 19EXPL: 0CVE-2012-0743
https://notcve.org/view.php?id=CVE-2012-0743
IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. IBM Tivoli Director Server (TDS) v6.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición de búsqueda paginada LDAP mal formada. • http://www-01.ibm.com/support/docview.wss?uid=swg21591267 http://www.ibm.com/support/docview.wss?uid=swg1IO15707 http://www.ibm.com/support/docview.wss?uid=swg1IO16001 http://www.ibm.com/support/docview.wss?uid=swg1IO16002 http://www.securityfocus.com/bid/53043 http://www.securitytracker.com/id? • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 19EXPL: 0CVE-2012-0726
https://notcve.org/view.php?id=CVE-2012-0726
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. La configuración por defecto de TLS en Tivoli Directory Server (TDS) v6.3 y anteriores, soporta los cifrados (1) NULL-MD5 y (2) NULL-SHA, lo que permite a atacantes remotos lanzar comunicaciones no cifradas a través de TLS Handshake Protocol. • http://www-01.ibm.com/support/docview.wss?uid=swg21591272 http://www.ibm.com/support/docview.wss?uid=swg1IO15761 http://www.ibm.com/support/docview.wss?uid=swg1IO16035 http://www.ibm.com/support/docview.wss?uid=swg1IO16036 http://www.securityfocus.com/bid/53043 http://www.securitytracker.com/id? • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 4%CPEs: 3EXPL: 0CVE-2010-2927
https://notcve.org/view.php?id=CVE-2010-2927
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. La función slapi_printmessage en IBM Tivoli Directory Server (ITDS) en versiones anteriores a la 6.0.0.8-TIV-ITDS-IF0006, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante múltiples intentos de conexión DIGEST-MD5 incompletos. • http://osvdb.org/66782 http://secunia.com/advisories/40791 http://www-01.ibm.com/support/docview.wss?uid=swg1IO12399 http://www-01.ibm.com/support/docview.wss?uid=swg24027463 http://www.securityfocus.com/bid/42093 https://exchange.xforce.ibmcloud.com/vulnerabilities/60821 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 6CVE-2004-2526 – IBM Tivoli Directory Server 3.2.2/4.1 - LDACGI Directory Traversal
https://notcve.org/view.php?id=CVE-2004-2526
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. • https://www.exploit-db.com/exploits/24345 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.html http://secunia.com/advisories/10347 http://securitytracker.com/id?1010834 http://www-1.ibm.com/support/docview.wss?uid=isg1IR52692 http://www-1.ibm.com/support/docview.wss?uid=swg1IR53631 http://www.oliverkarow.de/research/IDS_directory_traversal.txt http://www.osvdb.org/8367 http://www.securityfocus.com/bid/10841 https://exchange.xforce.ibmcloud.com/vulnerabilities/16850 •