IBM Tivoli Directory Server < / / Multiple Vulnerabilities (credentialed check)

Medium Nessus Plugin ID 58814


The version of IBM Tivoli Directory Server contains multiple security vulnerabilities.


According to its version, the installation of IBM Tivoli Directory Server on the remote host is prior to / / It is, therefore, affected by one or more of the following vulnerabilities :

- A custom LDAP client can be created which causes IBM Tivoli Directory Server to crash by sending a malformed paged search request. (IO15707, IO16001, IO16002)

- In the default Tivoli Directory Server environment, with TLS enabled, the NULL-MD5, and NULL-SHA ciphers are enabled by default. (IO16035, IO16036, IOO15761)


Install the appropriate fix based on the vendor's advisory :


See Also

Plugin Details

Severity: Medium

ID: 58814

File Name: tivoli_directory_svr_63011.nasl

Version: $Revision: 1.6 $

Type: local

Agent: windows

Family: Windows

Published: 2012/04/20

Modified: 2015/01/14

Dependencies: 58813

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_directory_server

Required KB Items: installed_sw/IBM Security Directory Server

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/04/16

Vulnerability Publication Date: 2012/04/16

Reference Information

CVE: CVE-2012-0726, CVE-2012-0743

BID: 53043

OSVDB: 81356, 81357