IBM Tivoli Directory Server < 188.8.131.52 / 184.108.40.206 / 220.127.116.11 Multiple Vulnerabilities (credentialed check)
Medium Nessus Plugin ID 58814
SynopsisThe version of IBM Tivoli Directory Server contains multiple security vulnerabilities.
DescriptionAccording to its version, the installation of IBM Tivoli Directory Server on the remote host is prior to 18.104.22.168 / 22.214.171.124 / 126.96.36.199. It is, therefore, affected by one or more of the following vulnerabilities :
- A custom LDAP client can be created which causes IBM Tivoli Directory Server to crash by sending a malformed paged search request. (IO15707, IO16001, IO16002)
- In the default Tivoli Directory Server environment, with TLS enabled, the NULL-MD5, and NULL-SHA ciphers are enabled by default. (IO16035, IO16036, IOO15761)
SolutionInstall the appropriate fix based on the vendor's advisory :