CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
93.9%
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | global_security_kit | 7.0.4.29 | cpe:/a:ibm:global_security_kit:7.0.4.29::: |
ibm | rational_directory_server | cpe:/a:ibm:rational_directory_server:::: | |
ibm | tivoli_directory_server | cpe:/a:ibm:tivoli_directory_server:::: | |
ibm | global_security_kit | 7.0.4.28 | cpe:/a:ibm:global_security_kit:7.0.4.28::: |
ibm | global_security_kit | cpe:/a:ibm:global_security_kit:::: |
More