CVE-2015-0138

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

References

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

http://rhn.redhat.com/errata/RHSA-2015-1006.html

http://rhn.redhat.com/errata/RHSA-2015-1007.html

http://rhn.redhat.com/errata/RHSA-2015-1020.html

http://rhn.redhat.com/errata/RHSA-2015-1021.html

http://rhn.redhat.com/errata/RHSA-2015-1091.html

http://www.securityfocus.com/bid/73326

http://www-01.ibm.com/support/docview.wss?uid=swg21698703

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

Details

Source: MITRE

Published: 2015-03-25

Updated: 2017-01-03

Type: CWE-310

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:* versions up to 6.0.0.73 (inclusive)

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:*:*:*:*:*:*:*

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
144287IBM HTTP Server 8.5.0.0 <= 8.5.5.5 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.37 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (257477)NessusWeb Servers
medium
119967SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2015:1161-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
9716IBM WebSphere Application Server 8.5 < 8.5.5.6 Multiple Vulnerabilities (FREAK)Nessus Network MonitorWeb Servers
high
9713IBM WebSphere Application Server 8.0 < 8.0.0.11 Multiple Vulnerabilities (FREAK)Nessus Network MonitorWeb Servers
high
9700IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)Nessus Network MonitorWeb Servers
high
9198IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)Nessus Network MonitorDatabase
critical
9197IBM DB2 10.1 < Fix Pack 5 Multiple Vulnerabilities (Bar Mitzvah)Nessus Network MonitorDatabase
critical
86002IBM DB2 10.5 < Fix Pack 6 Multiple Vulnerabilities (Bar Mitzvah)NessusDatabases
critical
84828IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)NessusDatabases
high
84826IBM DB2 10.1 < Fix Pack 5 Multiple Vulnerabilities (Bar Mitzvah)NessusDatabases
critical
84639IBM WebSphere Application Server 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.11 (FP11) / 8.5 < 8.5.5.6 (FP6) Multiple Vulnerabilities (Bar Mitzvah) (FREAK)NessusWeb Servers
high
84441SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1086-4) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84425SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1138-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84423SUSE SLES11 Security Update : Java (SUSE-SU-2015:1086-3) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84337SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-2) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84286SUSE SLES11 Security Update : IBM Java (SUSE-SU-2015:1086-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84285SUSE SLES10 Security Update : IBM Java (SUSE-SU-2015:1085-1) (Bar Mitzvah) (FREAK)NessusSuSE Local Security Checks
critical
84260SUSE SLES12 Security Update : java-1_7_0-ibm (SUSE-SU-2015:1073-1) (Bar Mitzvah)NessusSuSE Local Security Checks
critical
84143RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:1091) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
84087AIX Java Advisory : java_april2015_advisory.asc (Bar Mitzvah) (FREAK)NessusAIX Local Security Checks
critical
83754RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83753RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:1020) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83433RHEL 5 : java-1.7.0-ibm (RHSA-2015:1007) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83432RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:1006) (Bar Mitzvah)NessusRed Hat Local Security Checks
critical
83135AIX Java Advisory : Multiple Vulnerabilities (Bar Mitzvah)NessusAIX Local Security Checks
medium