cvelistv5 - CVE-2012-0726

CVE-2012-0726

Vulnerability from cvelistv5

Published

2012-04-22 18:00

Modified

2024-08-06 18:38

Severity ?

Summary

The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21591272
	psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg1IO15761
	psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg1IO16035
	psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg1IO16036
	psirt@us.ibm.com	http://www.securityfocus.com/bid/53043
	psirt@us.ibm.com	http://www.securitytracker.com/id?1026939
	psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74303
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21591272
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg1IO15761
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg1IO16035
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg1IO16036
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53043
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026939
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74303

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:38:13.444Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IO15761",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
          },
          {
            "name": "tds-nullcipher-weak-security(74303)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
          },
          {
            "name": "1026939",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026939"
          },
          {
            "name": "IO16036",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
          },
          {
            "name": "53043",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
          },
          {
            "name": "IO16035",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-18T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "IO15761",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
        },
        {
          "name": "tds-nullcipher-weak-security(74303)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
        },
        {
          "name": "1026939",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026939"
        },
        {
          "name": "IO16036",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
        },
        {
          "name": "53043",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
        },
        {
          "name": "IO16035",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IO15761",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
            },
            {
              "name": "tds-nullcipher-weak-security(74303)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
            },
            {
              "name": "1026939",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026939"
            },
            {
              "name": "IO16036",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
            },
            {
              "name": "53043",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53043"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
            },
            {
              "name": "IO16035",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-0726",
    "datePublished": "2012-04-22T18:00:00",
    "dateReserved": "2012-01-17T00:00:00",
    "dateUpdated": "2024-08-06T18:38:13.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0726\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2012-04-22T18:55:03.857\",\"lastModified\":\"2024-11-21T01:35:36.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.\"},{\"lang\":\"es\",\"value\":\"La configuraci\u00f3n por defecto de TLS en Tivoli Directory Server (TDS) v6.3 y anteriores, soporta los cifrados (1) NULL-MD5 y (2) NULL-SHA, lo que permite a atacantes remotos lanzar comunicaciones no cifradas a trav\u00e9s de TLS Handshake Protocol.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.3.0\",\"matchCriteriaId\":\"C2F4E54D-DA8B-46C1-A627-C8D960E1B719\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4CBA738-8969-4E5F-B538-1FBFAA432A91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13318848-11BC-4568-A3AF-1D1C89BF8FF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35E1DF05-5CE8-4782-9F65-B01464985908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EF905E9-DDA5-4369-AC6C-FD6E2573E667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C50ACBE-6F59-4985-BFA3-93CAD8E40B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AD57EC4-40A8-432F-B3B0-96941779B96A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"574CF7FC-A438-468B-9B4C-4355005D363F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.69:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D74AC3D-DFCD-4A3A-9446-7C13C00E93A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06626F2E-605A-4AA0-839D-B035336453E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18ABDC8A-118C-4A35-A396-1020A9469D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38204AD1-BF0E-4521-9EE6-66214B4A353B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"218DD29F-18C9-489D-9273-4705BFCDE0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7165C049-258B-425D-B36B-152BBF3F8727\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"262F93A7-54A6-4D06-B5D1-FF6F7740044B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4798A6D-E4F3-4481-B2C2-DCA4BCD97572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE5E8D59-79F9-46D1-A1A7-608FA49F7121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB8B3BE0-2515-4CB1-B124-5462703CD32B\"}]}]}],\"references\":[{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21591272\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg1IO15761\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg1IO16035\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg1IO16036\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.securityfocus.com/bid/53043\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.securitytracker.com/id?1026939\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74303\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21591272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg1IO15761\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg1IO16035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg1IO16036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/53043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1026939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2012-0726

Vulnerability from fkie_nvd

Published

2012-04-22 18:55

Modified

2024-11-21 01:35

Severity ?

Summary

References

▼	URL	Tags
	psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21591272
	psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg1IO15761
	psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg1IO16035
	psirt@us.ibm.com	http://www.ibm.com/support/docview.wss?uid=swg1IO16036
	psirt@us.ibm.com	http://www.securityfocus.com/bid/53043
	psirt@us.ibm.com	http://www.securitytracker.com/id?1026939
	psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74303
	af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21591272
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg1IO15761
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg1IO16035
	af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=swg1IO16036
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53043
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026939
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74303

Impacted products

Vendor	Product	Version
ibm	tivoli_directory_server	*
ibm	tivoli_directory_server	3.2.2
ibm	tivoli_directory_server	4.1
ibm	tivoli_directory_server	5.2.0
ibm	tivoli_directory_server	6.0
ibm	tivoli_directory_server	6.0.0
ibm	tivoli_directory_server	6.0.0.7
ibm	tivoli_directory_server	6.0.0.8
ibm	tivoli_directory_server	6.0.0.69
ibm	tivoli_directory_server	6.1.0
ibm	tivoli_directory_server	6.1.0.45
ibm	tivoli_directory_server	6.1.0.46
ibm	tivoli_directory_server	6.1.0.47
ibm	tivoli_directory_server	6.1.0.48
ibm	tivoli_directory_server	6.2.0
ibm	tivoli_directory_server	6.2.0.19
ibm	tivoli_directory_server	6.2.0.20
ibm	tivoli_directory_server	6.2.0.21
ibm	tivoli_directory_server	6.2.0.22

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2F4E54D-DA8B-46C1-A627-C8D960E1B719",
              "versionEndIncluding": "6.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CBA738-8969-4E5F-B538-1FBFAA432A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13318848-11BC-4568-A3AF-1D1C89BF8FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35E1DF05-5CE8-4782-9F65-B01464985908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF905E9-DDA5-4369-AC6C-FD6E2573E667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C50ACBE-6F59-4985-BFA3-93CAD8E40B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AD57EC4-40A8-432F-B3B0-96941779B96A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "574CF7FC-A438-468B-9B4C-4355005D363F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.69:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D74AC3D-DFCD-4A3A-9446-7C13C00E93A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "18ABDC8A-118C-4A35-A396-1020A9469D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "38204AD1-BF0E-4521-9EE6-66214B4A353B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "218DD29F-18C9-489D-9273-4705BFCDE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7165C049-258B-425D-B36B-152BBF3F8727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "262F93A7-54A6-4D06-B5D1-FF6F7740044B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4798A6D-E4F3-4481-B2C2-DCA4BCD97572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE5E8D59-79F9-46D1-A1A7-608FA49F7121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB8B3BE0-2515-4CB1-B124-5462703CD32B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto de TLS en Tivoli Directory Server (TDS) v6.3 y anteriores, soporta los cifrados (1) NULL-MD5 y (2) NULL-SHA, lo que permite a atacantes remotos lanzar comunicaciones no cifradas a trav\u00e9s de TLS Handshake Protocol."
    }
  ],
  "id": "CVE-2012-0726",
  "lastModified": "2024-11-21T01:35:36.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-22T18:55:03.857",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/53043"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id?1026939"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-c6rh-25p2-qg3g

Vulnerability from github

Published

2022-05-17 00:13

Modified

2022-05-17 00:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0726"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-04-22T18:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.",
  "id": "GHSA-c6rh-25p2-qg3g",
  "modified": "2022-05-17T00:13:42Z",
  "published": "2022-05-17T00:13:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0726"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53043"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026939"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2012-0726

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-0726

Aliases

CVE-2012-0726

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0726",
    "description": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.",
    "id": "GSD-2012-0726"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0726"
      ],
      "details": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol.",
      "id": "GSD-2012-0726",
      "modified": "2023-12-13T01:20:13.343837Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2012-0726",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "IO15761",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
          },
          {
            "name": "tds-nullcipher-weak-security(74303)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
          },
          {
            "name": "1026939",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1026939"
          },
          {
            "name": "IO16036",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
          },
          {
            "name": "53043",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/53043"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
          },
          {
            "name": "IO16035",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.69:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-0726"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IO16036",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16036"
            },
            {
              "name": "IO15761",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO15761"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21591272"
            },
            {
              "name": "IO16035",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IO16035"
            },
            {
              "name": "1026939",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1026939"
            },
            {
              "name": "tds-nullcipher-weak-security(74303)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74303"
            },
            {
              "name": "53043",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/53043"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-12-19T02:29Z",
      "publishedDate": "2012-04-22T18:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-0726

Vulnerability from cvelistv5

fkie_cve-2012-0726

Vulnerability from fkie_nvd

ghsa-c6rh-25p2-qg3g

Vulnerability from github

gsd-2012-0726

Vulnerability from gsd

Tags

Sightings

Nomenclature