IBM Tivoli Directory Server 6.0.x / 6.1 < 6.1.0.58 / 6.2 < 6.2.0.33 / 6.3 < 6.3.0.25 Javadoc Frame Injection

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The version of IBM Tivoli Directory Server is affected by a frame
injection vulnerability.

Description :

According to its version, the installation of IBM Tivoli Directory
Server on the remote host is 6.0.x, 6.1 prior to 6.1.0.58, 6.2 prior
to 6.2.0.33, or 6.3 prior to 6.3.0.25. It is, therefore, affected by
an input-validation error related to the included Java version that
allows an attacker to inject HTML frames into documents created by
Javadoc.

See also :

https://www-304.ibm.com/support/docview.wss?uid=swg21642915
http://www-01.ibm.com/support/docview.wss?uid=swg24035907
http://www-01.ibm.com/support/docview.wss?uid=swg24035908
http://www-01.ibm.com/support/docview.wss?uid=swg24035909

Solution :

Install the appropriate fix based on the vendor's advisory :

- 6.1.0.58-ISS-ITDS-IF0058
- 6.2.0.33-ISS-ITDS-IF0033
- 6.3.0.25-ISS-ITDS-IF0025

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 74369

Bugtraq ID: 60634

CVE ID: CVE-2013-1571
