CVE-2012-2191

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/51279
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981
http://www-01.ibm.com/support/docview.wss?uid=swg21606145	Patch Vendor Advisory
http://www.securityfocus.com/bid/54743
https://exchange.xforce.ibmcloud.com/vulnerabilities/75996

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:global_security_kit::::::::
	cpe:2.3:a:ibm:global_security_kit:7.0.4.28:::::::*
	cpe:2.3:a:ibm:global_security_kit:7.0.4.29:::::::*
	cpe:2.3:a:ibm:rational_directory_server::::::::
	cpe:2.3:a:ibm:tivoli_directory_server::::::::

History

No history.

Information

Published : 2012-08-08 10:26

Updated : 2023-12-10 11:16

NVD link : CVE-2012-2191

Mitre link : CVE-2012-2191

CVE.ORG link : CVE-2012-2191

JSON object : View

Products Affected

ibm

global_security_kit
tivoli_directory_server
rational_directory_server

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-2191", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-08T10:26:18.767", "references": [{"url": "http://secunia.com/advisories/51279", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/54743", "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333."}, {"lang": "es", "value": "IBM Global Security Kit (tambi\u00e9n conocido como GSKit) anterior a v8.0.14.22, cuando es usado en IBM Directory Server Rational de IBM Tivoli Directory Server y otros productos, no valida correctamente los datos durante la ejecuci\u00f3n de un mecanismo de protecci\u00f3n contra el ataque (Vaudenay SSL CBC timing), que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de valores manipulados de la capa de registro TLS, una vulnerabilidad diferente a CVE-2012-2333."}], "lastModified": "2017-08-29T01:31:33.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:global_security_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDD46A9C-9DB2-4B61-BCEA-DC5AB03DCD7E", "versionEndIncluding": "8.0.13"}, {"criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FD561AD-2421-4AA6-B3C5-6536F6933526"}, {"criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E509BA-4B47-4EDE-86DC-2E666D2D74E0"}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0651DE7C-B8EB-4214-981B-561256C5473A"}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "871E249E-CB31-46A4-9E4F-274C6055C33A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}