IBM Tivoli Directory Server 6.2 < 6.2.0.29 / 6.3 < 6.3.0.21 SSL / TLS DoS

medium Nessus Plugin ID 66256

Synopsis

The version of IBM Tivoli Directory Server is affected by a denial of service vulnerability.

Description

According to its version, the installation of IBM Tivoli Directory Server on the remote host is 6.2.x prior to 6.2.0.29 or 6.3.x prior to 6.3.0.21. It is, therefore, affected by a denial of service vulnerability. It is possible for a connection to fail to time-out while waiting for incoming data from the client on an SSL/TLS connection.

Solution

Install the appropriate fix based on the vendor's advisory :

- 6.2.0.29-ISS-ITDS-IF0029
- 6.3.0.21-ISS-ITDS-IF0021

See Also

http://www.nessus.org/u?f258fb4c

https://www-304.ibm.com/support/docview.wss?uid=swg21631687

Plugin Details

Severity: Medium

ID: 66256

File Name: tivoli_directory_svr_63021.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 4/29/2013

Updated: 11/27/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_directory_server

Required KB Items: installed_sw/IBM Security Directory Server

Exploit Ease: No known exploits are available

Patch Publication Date: 3/29/2013

Vulnerability Publication Date: 3/29/2013

Reference Information

CVE: CVE-2013-0556