IBM04DA34BA88CB3EF6D58DC21E20CBAD26F394A7D6DEC602076E89B5AD359D9616Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (CVE-2015-0488, CVE-2015-1916)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Rational Directory Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015.
Vulnerability Details
CVEID: CVE-2015-0488**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102336> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:CVE-2015-1916**
DESCRIPTION:** Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101995> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
Product
| Version
—|—
Rational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix007
Rational Directory Server (Apache)| 5.1.1 - 5.1.1.2_iFix008
Remediation/Fixes
Product
| Download link
—|—
IBM Rational Directory Server 5.2 (Tivoli) and above| RDS_5.2.1_iFix08
IBM Rational Directory Server 5.1.1 (Apache) and above| RDS_5.1.1.2_iFix09
Workarounds and Mitigations
None
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P