CVE-2012-2191

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:global_security_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*
cpe:2.3:a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*
cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-08-08 10:26

Updated : 2023-12-10 11:16


NVD link : CVE-2012-2191

Mitre link : CVE-2012-2191

CVE.ORG link : CVE-2012-2191


JSON object : View

Products Affected

ibm

  • global_security_kit
  • tivoli_directory_server
  • rational_directory_server
CWE
CWE-20

Improper Input Validation