CVE-2012-2191 - OpenCVE

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Global Security Kit Rational Directory Server Tivoli Directory Server

Configuration 1 [-]

OR	cpe:2.3:a:ibm:global_security_kit::::::::
	cpe:2.3:a:ibm:global_security_kit:7.0.4.28:::::::*
	cpe:2.3:a:ibm:global_security_kit:7.0.4.29:::::::*
	cpe:2.3:a:ibm:rational_directory_server::::::::
	cpe:2.3:a:ibm:tivoli_directory_server::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/51279
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980
http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981
http://www-01.ibm.com/support/docview.wss?uid=swg21606145
http://www.securityfocus.com/bid/54743
https://exchange.xforce.ibmcloud.com/vulnerabilities/75996

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2012-08-08T10:00:00

Updated: 2024-08-06T19:26:09.007Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2191

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-08T10:26:18.767

Modified: 2017-08-29T01:31:33.430

Link: CVE-2012-2191

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "IV31980", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980"}, {"name": "51279", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51279"}, {"name": "rds-recordlayer-dos(75996)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996"}, {"name": "54743", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/54743"}, {"name": "IV31981", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-2191", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IV31980", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980"}, {"name": "51279", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51279"}, {"name": "rds-recordlayer-dos(75996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996"}, {"name": "54743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54743"}, {"name": "IV31981", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:26:09.007Z"}, "title": "CVE Program Container", "references": [{"name": "IV31980", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980"}, {"name": "51279", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51279"}, {"name": "rds-recordlayer-dos(75996)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996"}, {"name": "54743", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/54743"}, {"name": "IV31981", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-2191", "datePublished": "2012-08-08T10:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:09.007Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:global_security_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDD46A9C-9DB2-4B61-BCEA-DC5AB03DCD7E", "versionEndIncluding": "8.0.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "2FD561AD-2421-4AA6-B3C5-6536F6933526", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "00E509BA-4B47-4EDE-86DC-2E666D2D74E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:rational_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "0651DE7C-B8EB-4214-981B-561256C5473A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "871E249E-CB31-46A4-9E4F-274C6055C33A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333."}, {"lang": "es", "value": "IBM Global Security Kit (tambi\u00e9n conocido como GSKit) anterior a v8.0.14.22, cuando es usado en IBM Directory Server Rational de IBM Tivoli Directory Server y otros productos, no valida correctamente los datos durante la ejecuci\u00f3n de un mecanismo de protecci\u00f3n contra el ataque (Vaudenay SSL CBC timing), que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de valores manipulados de la capa de registro TLS, una vulnerabilidad diferente a CVE-2012-2333."}], "id": "CVE-2012-2191", "lastModified": "2017-08-29T01:31:33.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-08T10:26:18.767", "references": [{"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/51279"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31980"}, {"source": "psirt@us.ibm.com", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV31981"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606145"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/54743"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75996"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}