Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6DC5661D38511C86A87BF7CA7EAC62B30EF83CD0352CD32BE33C0F422A023D6D
HistorySep 15, 2021 - 12:14 p.m.

Security Bulletin: IBM Tivoli Directory Server CPU utilization - shipped with AIX and VIOS (CVE-2014-0963)

2021-09-1512:14:52
www.ibm.com
9

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.068 Low

EPSS

Percentile

92.9%

JSON

Summary

IBM Security Directory Server, formerly known as IBM Tivoli Directory Server, is affected by a problem that is related to the Secure Sockets Layer (SSL) implementation. Some conditions can cause the processor utilization to rapidly increase, resulting in a denial of service.

Vulnerability Details

CVE ID: CVE-2014-0963

CVSS and DESCRIPTION: Please refer to the following link:

IBM Security Directory Server CPU utilization (CVE-2014-0963)

Affected Products and Versions

AIX 5.3, 6.1 and 7.1.
VIOS 2.2.x

Remediation/Fixes

The GSKit package contains a fix and needs to be installed on AIX/VIOS systems.

If your GSKit is older than the corresponding levels that are in the following list, update your GSKit to the specified version, or later. To determine which version of the GSKit component is installed, enter the following command:
lslpp -l | grep -i gsk

The fixes for the GSKit components can be downloaded at the following links:

GSKit V7.0.4.50

GSKit V8.0.14.43

GSKit V8.0.50.20

When you are using GSKitV8, your IBM Security Directory Server or IBM Tivoli Directory Server must be at version 6.3.0.26 or higher. This version avoids a compatibility issue between the IBM Security Directory Server component and the new GSKitV8 fix packs. Refer to the above mentioned link under “CVSS and DESCRIPTIONS”. To determine the installed version of the IBM Security Directory Server, enter the following command:
lslpp -l | grep idsldap

CPENameOperatorVersion
aixeq5.3
aixeq6.1
aixeq7.1
aixeq5.3
aixeq6.1
aixeq7.1

Related

ibm 63
nessus 19
prion 1
cve 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM Tivoli Monitoring shipped with WebSphere Remote Server (CVE-2014-0963)
2018-06-15 07:00:51
Security Bulletin: IBM Informix Client SDK CPU utilization (CVE-2014-0963)
2018-06-16 14:12:00
Security Bulletin: Security vulnerabilities have been identified in an IBM® Tivoli Monitoring shared component shipped with Tivoli Storage Productivity Center and System Storage Productivity Center (CVE-2014-0963)
2022-08-19 23:26:06
nessus
nessus
Informix Server GSKit 7.x < 7.0.4.50 / 8.0.50.x < 8.0.50.20 SSL CPU Utilization DoS
2015-01-13 00:00:00
IBM HTTP Server 8.5.0.0 <= 8.5.5.2 / 8.0.0.0 <= 8.0.0.8 / 7.0.0.0 <= 7.0.0.31 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (509677)
2020-12-15 00:00:00
IBM Security Directory Server < 6.1.0.61 / 6.2.0.36 / 6.3.0.30 / 6.3.1.2 with GSKit < 7.0.4.50 / 8.0.50.20 SSL CPU Utilization DoS
2015-01-13 00:00:00
prion
prion
Authentication flaw
2014-05-08 10:55:00
cve
cve
CVE-2014-0963
2014-05-08 10:55:00

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.068 Low

EPSS

Percentile

92.9%

JSON
Related for 6DC5661D38511C86A87BF7CA7EAC62B30EF83CD0352CD32BE33C0F422A023D6D
ibm63nessus19prion1cve1