) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.55:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2012-2203 |
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate. Published: August 08, 2012; 6:26:18 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2012-2191 |
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333. Published: August 08, 2012; 6:26:18 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2012-0743 |
IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. Published: April 22, 2012; 2:55:03 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2012-0726 |
The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. Published: April 22, 2012; 2:55:03 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |