Lucene search

K
ibmIBM04DA34BA88CB3EF6D58DC21E20CBAD26F394A7D6DEC602076E89B5AD359D9616
HistoryJun 17, 2018 - 5:02 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (CVE-2015-0488, CVE-2015-1916)

2018-06-1705:02:39
www.ibm.com
13

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Rational Directory Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015.

Vulnerability Details

CVEID: CVE-2015-0488**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102336&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID:CVE-2015-1916**
DESCRIPTION:** Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101995&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Product

| Version
—|—
Rational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix007
Rational Directory Server (Apache)| 5.1.1 - 5.1.1.2_iFix008

Remediation/Fixes

Product

| Download link
—|—
IBM Rational Directory Server 5.2 (Tivoli) and above| RDS_5.2.1_iFix08
IBM Rational Directory Server 5.1.1 (Apache) and above| RDS_5.1.1.2_iFix09

Workarounds and Mitigations

None

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P