Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0726

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2012-0726
Last Modified 18 Dec 2012 11:49:25
Published 22 Apr 2012 02:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0726

Summary

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

Vulnerable Systems

Application

  • Ibm Tivoli Directory Server 3.2.2

  • Ibm Tivoli Directory Server 4.1

  • Ibm Tivoli Directory Server 5.2.0

  • Ibm Tivoli Directory Server 6.0

  • Ibm Tivoli Directory Server 6.0.0

  • Ibm Tivoli Directory Server 6.0.0.69

  • Ibm Tivoli Directory Server 6.0.0.7

  • Ibm Tivoli Directory Server 6.0.0.8

  • Ibm Tivoli Directory Server 6.1.0

  • Ibm Tivoli Directory Server 6.1.0.45

  • Ibm Tivoli Directory Server 6.1.0.46

  • Ibm Tivoli Directory Server 6.1.0.47

  • Ibm Tivoli Directory Server 6.1.0.48

  • Ibm Tivoli Directory Server 6.2.0

  • Ibm Tivoli Directory Server 6.2.0.19

  • Ibm Tivoli Directory Server 6.2.0.20

  • Ibm Tivoli Directory Server 6.2.0.21

  • Ibm Tivoli Directory Server 6.2.0.22

  • Ibm Tivoli Directory Server 6.3.0


References

AIXAPAR - IO16036

AIXAPAR - IO16035

AIXAPAR - IO15761

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21591272

SECTRACK - 1026939

XF - tds-nullcipher-weak-security(74303)


Last Updated: 27 May 2016 10:56:28