Lucene search

IbmCVE-2015-1972

HistoryJun 28, 2015 - 3:59 p.m.

CVE-2015-1972

2015-06-2815:59:01

CWE-200

ibm

web.nvd.nist.gov

cve-2015-1972

ibm tivoli

security directory server

nvd

remote attackers

sensitive information

post request

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.

Affected configurations

Nvd

Node

ibmtivoli_directory_serverMatch6.0

ibmtivoli_directory_serverMatch6.1.0

ibmtivoli_directory_serverMatch6.2.0.0

ibmtivoli_directory_serverMatch6.3.0.0

ibmtivoli_directory_serverMatch6.3.1.0

ibmtivoli_directory_serverMatch6.4.0

VendorProductVersionCPE
ibmtivoli_directory_server6.0cpe:2.3:a:ibm:tivoli_directory_server:6.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.1.0cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.2.0.0cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.0.0cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.3.1.0cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*
ibmtivoli_directory_server6.4.0cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_directory_server	6.0	cpe:2.3:a:ibm:tivoli_directory_server:6.0:::::::*
ibm	tivoli_directory_server	6.1.0	cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:::::::*
ibm	tivoli_directory_server	6.2.0.0	cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:::::::*
ibm	tivoli_directory_server	6.3.0.0	cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:::::::*
ibm	tivoli_directory_server	6.3.1.0	cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:::::::*
ibm	tivoli_directory_server	6.4.0	cpe:2.3:a:ibm:tivoli_directory_server:6.4.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21960659

www.securityfocus.com/bid/75441

www.securitytracker.com/id/1032734

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2015-1972