15 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 140EXPL: 0

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. GSKit en IBM Tivoli Directory Server (ITDS) 6.0 anterior a 6.0.0.73-ISS-ITDS-IF0073, 6.1 anterior a 6.1.0.66-ISS-ITDS-IF0066, 6.2 anterior a 6.2.0.42-ISS-ITDS-IF0042, y 6.3 anterior a 6.3.0.35-ISS-ITDS-IF0035 e IBM Security Directory Server (ISDS) 6.3.1 anterior a 6.3.1.9-ISS-ISDS-IF0009 no restringe correctamente las transiciones de estados de TLS, lo que facilita a atacantes remotos realizar ataques de degradación de cifrado sobre los cifrados EXPORT_RSA a través de trafico de TLS manipulado, relacionado con el problema 'FREAK', una vulnerabilidad diferente a CVE-2015-0204. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-1006.html http://rhn.redhat.com/errata/RHSA-2015-1007.html http://rhn.redhat.com&#x • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 5.0EPSS: 2%CPEs: 19EXPL: 0

IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. IBM Tivoli Director Server (TDS) v6.3 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición de búsqueda paginada LDAP mal formada. • http://www-01.ibm.com/support/docview.wss?uid=swg21591267 http://www.ibm.com/support/docview.wss?uid=swg1IO15707 http://www.ibm.com/support/docview.wss?uid=swg1IO16001 http://www.ibm.com/support/docview.wss?uid=swg1IO16002 http://www.securityfocus.com/bid/53043 http://www.securitytracker.com/id? • CWE-399: Resource Management Errors •

CVSS: 6.4EPSS: 0%CPEs: 19EXPL: 0

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. La configuración por defecto de TLS en Tivoli Directory Server (TDS) v6.3 y anteriores, soporta los cifrados (1) NULL-MD5 y (2) NULL-SHA, lo que permite a atacantes remotos lanzar comunicaciones no cifradas a través de TLS Handshake Protocol. • http://www-01.ibm.com/support/docview.wss?uid=swg21591272 http://www.ibm.com/support/docview.wss?uid=swg1IO15761 http://www.ibm.com/support/docview.wss?uid=swg1IO16035 http://www.ibm.com/support/docview.wss?uid=swg1IO16036 http://www.securityfocus.com/bid/53043 http://www.securitytracker.com/id? • CWE-310: Cryptographic Issues •

CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0

Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consumption) by making many function calls. Fuga de memoria en la función API ldap_explode_rdn en IBM Tivoli Directory Server (TDS) v5.2 anterior a v5.2.0.5-ITV-ITDS-LA0007) permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria) haciendo muchas llamadas de función. • http://www.ibm.com/support/docview.wss?uid=swg1IO09680 http://www.ibm.com/support/docview.wss?uid=swg24029663 • CWE-399: Resource Management Errors •

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0

The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log. La implementación LDAP_ADD en IBM Tivoli Directory Server (TDS) v5.2 anterior a v5.2.0.5TIV-ITDS-IF0009 almacena una contraseña SHA sin cifrar en el registro de cambios, lo que podría permitir a usuarios locales obtener información sensible mediante la lectura de este registro. • http://www.ibm.com/support/docview.wss?uid=swg1IO11882 http://www.ibm.com/support/docview.wss?uid=swg24029663 • CWE-255: Credentials Management Errors •