Denial of Service Vulnerability in IBM Global Security Kit and Related Products
CVE-2012-2191

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Directory Server; Tivoli Directory Server; Global Security Kit
Vendor: CVE Published:; 8 August 2012

Summary

The IBM Global Security Kit, found in several IBM products like the Rational and Tivoli Directory Servers, has a vulnerability that fails to adequately validate data during the execution of a protection mechanism against the Vaudenay SSL CBC timing attack. This oversight could allow remote attackers to introduce crafted input into the TLS Record Layer, potentially causing the application to crash. Organizations using affected versions need to apply updates to mitigate risks associated with this vulnerability.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980

vendor-advisoryx_refsource_AIXAPAR

http://secunia.com/advisories/51279

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/75996

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 8, 2012
Vulnerability Reserved
Apr 4, 2012