
IBM Tivoli Directory Server Information Disclosure Vulnerability

 

Systems Affected


IBM Tivoli Directory Server versions 6.0, 6.1, 6.2, 6.3, 6.3.1

Threat Level


Medium


Overview


A FREAK attack vulnerability has been reported in IBM Tivoli Directory Server, which could be exploited by a remote attacker to downgrade session security.


Description


This vulnerability exists due to improper SSL/TLS implementations in IBM Tivoli Directory Server.

A remote attacker could successfully exploit this vulnerability through man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.


Impact



Solution/Workarounds


Apply the appropriate fixes as mentioned in the IBM Security Bulletin: http://www-01.ibm.com/support/docview.wss?uid=isg3T1022075
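One way to confirm that a directory server you administer no longer negotiates the export-grade RSA cipher suites a FREAK downgrade depends on is to offer it only those suites and read the reply. This is an added example, not code from the advisory or from IBM; the LDAPS port 636, the placeholder hostname and all function names are assumptions.

```python
import os
import socket
import struct
import sys

# IANA code points of the RSA_EXPORT suites a FREAK downgrade depends on.
EXPORT_RSA_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

# Constructed sample: a ServerHello selecting 0x0003 (not captured traffic).
SAMPLE_SERVER_HELLO = (b"\x16\x03\x01\x00\x2a\x02\x00\x00\x26\x03\x01"
                       + bytes(32) + b"\x00\x00\x03\x00")

def build_client_hello():
    """TLS 1.0 ClientHello record that offers only RSA_EXPORT suites."""
    suites = b"".join(struct.pack(">H", s) for s in sorted(EXPORT_RSA_SUITES))
    body = (b"\x03\x01" + os.urandom(32) + b"\x00"     # version, random, no session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                              # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def classify_response(data):
    """Return (verdict, suite_name) for the first record the server sends."""
    if data[:1] == b"\x15":                             # alert: the offer was refused
        return ("rejected", None)
    sid_len_at = 5 + 4 + 2 + 32                         # record hdr, handshake hdr, version, random
    if data[:1] == b"\x16" and data[5:6] == b"\x02" and len(data) > sid_len_at:
        suite_at = sid_len_at + 1 + data[sid_len_at]    # skip the session id
        if len(data) >= suite_at + 2:
            suite = int.from_bytes(data[suite_at:suite_at + 2], "big")
            if suite in EXPORT_RSA_SUITES:
                return ("accepts-export", EXPORT_RSA_SUITES[suite])
    return ("unknown", None)

def probe(host, port=636, timeout=5.0):
    """Send the export-only ClientHello to an LDAPS listener and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        return classify_response(sock.recv(4096))

if __name__ == "__main__":
    # Usage: python check_export.py ldap.example.internal   (hostname is a placeholder)
    print(probe(sys.argv[1]) if len(sys.argv) > 1
          else classify_response(SAMPLE_SERVER_HELLO))
```

A verdict of `rejected` is the expected result on a fixed server; `accepts-export` means the listener still selects an export suite and the fix or cipher configuration has not taken effect.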


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.