CVE-2012-2191
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
IBM Global Security Kit (también conocido como GSKit) anterior a v8.0.14.22, cuando es usado en IBM Directory Server Rational de IBM Tivoli Directory Server y otros productos, no valida correctamente los datos durante la ejecución de un mecanismo de protección contra el ataque (Vaudenay SSL CBC timing), que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de valores manipulados de la capa de registro TLS, una vulnerabilidad diferente a CVE-2012-2333.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-04-04 CVE Reserved
- 2012-08-08 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/51279 | Third Party Advisory | |
| http://www.securityfocus.com/bid/54743 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75996 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21606145 | 2017-08-29 |
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980 | 2017-08-29 | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Global Security Kit Search vendor "Ibm" for product "Global Security Kit" | <= 8.0.13 Search vendor "Ibm" for product "Global Security Kit" and version " <= 8.0.13" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Global Security Kit Search vendor "Ibm" for product "Global Security Kit" | 7.0.4.28 Search vendor "Ibm" for product "Global Security Kit" and version "7.0.4.28" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Global Security Kit Search vendor "Ibm" for product "Global Security Kit" | 7.0.4.29 Search vendor "Ibm" for product "Global Security Kit" and version "7.0.4.29" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Rational Directory Server Search vendor "Ibm" for product "Rational Directory Server" | * | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Directory Server Search vendor "Ibm" for product "Tivoli Directory Server" | * | - |
Affected
| ||||||