5.2.0.4

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

ibm

CWE-399

NVD

Published: 2011-04-21

Updated: 2011-04-21

Summary

The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to cause a denial of service (infinite loop) via a malformed search filter.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Tivoli Directory Server 5.2.0 IBM Tivoli Directory Server 5.2.0.4	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://www.ibm.com/support/docview.wss?uid=swg1IO07450
http://www.ibm.com/support/docview.wss?uid=swg24029663