TLS Vulnerability in IBM Tivoli and Security Directory Servers
CVE-2015-0138

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Directory Server
Vendor: CVE Published:; 25 March 2015

Summary

A vulnerability exists in the GSKit component of IBM Tivoli Directory Server and IBM Security Directory Server that improperly restricts TLS state transitions. This flaw allows remote attackers to exploit the system through crafted TLS traffic, facilitating cipher-downgrade attacks to weaker EXPORT_RSA ciphers. These transitions are related to known issues like the 'FREAK' vulnerability, impacting the security of encrypted communications.

References

http://rhn.redhat.com/errata/RHSA-2015-1007.html

vendor-advisoryx_refsource_REDHAT

http://www.securityfocus.com/bid/73326

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2015-1006.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Mar 25, 2015
Vulnerability Reserved
Nov 18, 2014