Summary
Detail | | | |
---|---|---|---|
Vendor | IBM | First view | 2012-04-22 |
Product | Tivoli Directory Server | Last view | 2017-02-08 |
Version | 6.2.0.21 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:ibm:tivoli_directory_server | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
5.5 | 2017-02-08 | CVE-2015-1976 | IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. |
7.5 | 2016-07-15 | CVE-2015-1977 | Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. |
4.3 | 2015-03-24 | CVE-2015-0138 | GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. |
3.5 | 2014-10-18 | CVE-2014-6100 | Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
5 | 2012-04-22 | CVE-2012-0743 | IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. |
4.3 | 2012-04-22 | CVE-2012-0740 | Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
6.4 | 2012-04-22 | CVE-2012-0726 | The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (2) | CWE-310 | Cryptographic Issues |
28% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
14% (1) | CWE-399 | Resource Management Errors |
14% (1) | CWE-284 | Access Control (Authorization) Issues |
14% (1) | CWE-200 | Information Exposure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-09-18 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_105fp6.nasl - Type: ACT_GATHER_INFO |
2015-07-18 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp10_multi_vuln.nasl - Type: ACT_GATHER_INFO |
2015-07-18 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_101fp5.nasl - Type: ACT_GATHER_INFO |
2015-07-09 | Name: The remote application server is affected by multiple vulnerabilities. File: websphere_8_5_5_6.nasl - Type: ACT_GATHER_INFO |
2015-06-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1086-4.nasl - Type: ACT_GATHER_INFO |
2015-06-26 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1138-1.nasl - Type: ACT_GATHER_INFO |
2015-06-26 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1086-3.nasl - Type: ACT_GATHER_INFO |
2015-06-23 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1086-2.nasl - Type: ACT_GATHER_INFO |
2015-06-19 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1086-1.nasl - Type: ACT_GATHER_INFO |
2015-06-19 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1085-1.nasl - Type: ACT_GATHER_INFO |
2015-06-18 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1073-1.nasl - Type: ACT_GATHER_INFO |
2015-06-12 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1091.nasl - Type: ACT_GATHER_INFO |
2015-06-10 | Name: The remote AIX host has a version of Java SDK installed that is affected by m... File: aix_java_april2015_advisory.nasl - Type: ACT_GATHER_INFO |
2015-05-21 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1021.nasl - Type: ACT_GATHER_INFO |
2015-05-21 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1020.nasl - Type: ACT_GATHER_INFO |
2015-05-13 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1007.nasl - Type: ACT_GATHER_INFO |
2015-05-13 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2015-1006.nasl - Type: ACT_GATHER_INFO |
2015-04-30 | Name: The remote AIX host has a version of Java SDK installed that is affected by m... File: aix_java_apr2015_advisory.nasl - Type: ACT_GATHER_INFO |
2012-10-17 | Name: The remote IBM Tivoli Directory Server contains an information disclosure vul... File: tivoli_directory_srv_null_cipher.nasl - Type: ACT_GATHER_INFO |
2012-04-20 | Name: The version of IBM Tivoli Directory Server contains multiple security vulnera... File: tivoli_directory_svr_63011.nasl - Type: ACT_GATHER_INFO |
2012-04-20 | Name: The remote web server hosts a web application that is affected by a cross-sit... File: tivoli_directory_srv_web_admin_xss.nasl - Type: ACT_GATHER_INFO |