This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: IBM
Product: Tivoli Directory Server
Version: 6.2.0.21
Type: Application
First view: 2012-04-22
Last view: 2017-02-08
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product: cpe:2.3:a:ibm:tivoli_directory_server

Related : CVE

Score Date Alert Description
5.5 2017-02-08 CVE-2015-1976

IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash.

7.5 2016-07-15 CVE-2015-1977

Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

4.3 2015-03-24 CVE-2015-0138

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

3.5 2014-10-18 CVE-2014-6100

Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

5 2012-04-22 CVE-2012-0743

IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request.

4.3 2012-04-22 CVE-2012-0740

Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.4 2012-04-22 CVE-2012-0726

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

CWE : Common Weakness Enumeration

% id Name
28% (2) CWE-310 Cryptographic Issues
28% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
14% (1) CWE-399 Resource Management Errors
14% (1) CWE-284 Access Control (Authorization) Issues
14% (1) CWE-200 Information Exposure

Nessus® Vulnerability Scanner

id Description
2015-09-18 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_105fp6.nasl - Type: ACT_GATHER_INFO
2015-07-18 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_97fp10_multi_vuln.nasl - Type: ACT_GATHER_INFO
2015-07-18 Name: The remote database server is affected by multiple vulnerabilities.
File: db2_101fp5.nasl - Type: ACT_GATHER_INFO
2015-07-09 Name: The remote application server is affected by multiple vulnerabilities.
File: websphere_8_5_5_6.nasl - Type: ACT_GATHER_INFO
2015-06-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1086-4.nasl - Type: ACT_GATHER_INFO
2015-06-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1138-1.nasl - Type: ACT_GATHER_INFO
2015-06-26 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1086-3.nasl - Type: ACT_GATHER_INFO
2015-06-23 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1086-2.nasl - Type: ACT_GATHER_INFO
2015-06-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1086-1.nasl - Type: ACT_GATHER_INFO
2015-06-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1085-1.nasl - Type: ACT_GATHER_INFO
2015-06-18 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1073-1.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1091.nasl - Type: ACT_GATHER_INFO
2015-06-10 Name: The remote AIX host has a version of Java SDK installed that is affected by m...
File: aix_java_april2015_advisory.nasl - Type: ACT_GATHER_INFO
2015-05-21 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1021.nasl - Type: ACT_GATHER_INFO
2015-05-21 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1020.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1007.nasl - Type: ACT_GATHER_INFO
2015-05-13 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-1006.nasl - Type: ACT_GATHER_INFO
2015-04-30 Name: The remote AIX host has a version of Java SDK installed that is affected by m...
File: aix_java_apr2015_advisory.nasl - Type: ACT_GATHER_INFO
2012-10-17 Name: The remote IBM Tivoli Directory Server contains an information disclosure vul...
File: tivoli_directory_srv_null_cipher.nasl - Type: ACT_GATHER_INFO
2012-04-20 Name: The version of IBM Tivoli Directory Server contains multiple security vulnera...
File: tivoli_directory_svr_63011.nasl - Type: ACT_GATHER_INFO
2012-04-20 Name: The remote web server hosts a web application that is affected by a cross-sit...
File: tivoli_directory_srv_web_admin_xss.nasl - Type: ACT_GATHER_INFO