Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Directory)  >   IBM Tivoli Directory Server Vendors:   IBM
(IBM Issues Fix for IBM Tivoli Directory Server) IBM Rational ClearQuest Lets Remote Users Spoof SSL Servers
SecurityTracker Alert ID:  1027616
SecurityTracker URL:
CVE Reference:   CVE-2012-2203   (Links to External Site)
Date:  Oct 8 2012
Impact:   Modification of authentication information, Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0, 6.1, 6.2, 6.3
Description:   A vulnerability was reported in IBM Rational ClearQuest. A remote user can spoof SSL servers. IBM Tivoli Directory Server is affected.

The software does not properly validate SSL LDAP connections. A remote user can spoof an SSL server in certain cases.

The vulnerability resides in the IBM Global Security Kit component.

Impact:   A remote user can spoof SSL servers.
Solution:   IBM has issued a fix for Tivoli Directory Server, which includes the vulnerable GSKit component.

The IBM advisory is available at:

Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 28 2012 IBM Rational ClearQuest Lets Remote Users Spoof SSL Servers

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC