CVE-2015-3230

critical

Description

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

References

https://fedorahosted.org/389/ticket/48194

https://bugzilla.redhat.com/show_bug.cgi?id=1230996

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html

http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html

Details

Source: Mitre, NVD

Published: 2015-10-29

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics