
CVE-2013-6747
https://notcve.org/view.php?id=CVE-2013-6747
27 Jan 2014 — IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service (application crash or hang) via a malformed X.509 certificate chain. • http://osvdb.org/102556 • CWE-20: Improper Input Validation •

CVE-2012-2191
https://notcve.org/view.php?id=CVE-2012-2191
08 Aug 2012 — IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333. • http://secunia.com/advisories/51279 • CWE-20: Improper Input Validation •

CVE-2012-2203
https://notcve.org/view.php?id=CVE-2012-2203
08 Aug 2012 — IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate. • http://secunia.com/advisories/51279 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2012-0726
https://notcve.org/view.php?id=CVE-2012-0726
22 Apr 2012 — The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. • http://www-01.ibm.com/support/docview.wss?uid=swg21591272 • CWE-310: Cryptographic Issues •

CVE-2012-0740
https://notcve.org/view.php?id=CVE-2012-0740
22 Apr 2012 — Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg24032290 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-0743
https://notcve.org/view.php?id=CVE-2012-0743
22 Apr 2012 — IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. • http://www-01.ibm.com/support/docview.wss?uid=swg21591267 • CWE-399: Resource Management Errors •

CVE-2011-2758
https://notcve.org/view.php?id=CVE-2011-2758
17 Jul 2011 — IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remote attackers to obtain sensitive information via a crafted URL. • http://secunia.com/advisories/45107 • CWE-287: Improper Authentication •

CVE-2011-2759
https://notcve.org/view.php?id=CVE-2011-2759
17 Jul 2011 — The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. • http://www.ibm.com/support/docview.wss?crawler=1&uid=swg1IO14165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2007-6742
https://notcve.org/view.php?id=CVE-2007-6742
21 Apr 2011 — The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to cause a denial of service (infinite loop) via a malformed search filter. • http://www.ibm.com/support/docview.wss?uid=swg1IO07450 • CWE-399: Resource Management Errors •

CVE-2007-6743
https://notcve.org/view.php?id=CVE-2007-6743
21 Apr 2011 — Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that trigger recursive filter_free calls. • http://www.ibm.com/support/docview.wss?uid=swg1IO07174 • CWE-399: Resource Management Errors •