Vulnerabilities > IBM > Tivoli Directory Server > 6.0.0.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-08 | CVE-2015-1976 | Improper Access Control vulnerability in IBM Security Directory Server and Tivoli Directory Server IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash. | 2.1 |
2015-03-25 | CVE-2015-0138 | Cryptographic Issues vulnerability in IBM Tivoli Directory Server GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | 4.3 |
2012-04-22 | CVE-2012-0743 | Resource Management Errors vulnerability in IBM Tivoli Directory Server IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | 5.0 |
2012-04-22 | CVE-2012-0726 | Cryptographic Issues vulnerability in IBM Tivoli Directory Server The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. | 6.4 |
2011-04-21 | CVE-2011-1820 | Information Exposure vulnerability in IBM Tivoli Directory Server IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) does not properly handle the ibm-auditAttributesOnGroupEvalOp setting for auditing of extended operations, which might allow attackers to obtain sensitive information by reading the audit log. | 1.7 |
2011-04-21 | CVE-2011-1206 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Directory Server Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. | 10.0 |
2011-04-21 | CVE-2010-4789 | Resource Management Errors vulnerability in IBM Tivoli Directory Server Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation. | 4.0 |
2011-04-21 | CVE-2010-4788 | Improper Input Validation vulnerability in IBM Tivoli Directory Server IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search. | 4.0 |
2011-04-21 | CVE-2010-4787 | Resource Management Errors vulnerability in IBM Tivoli Directory Server IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers improper mutex processing. | 4.0 |
2011-04-21 | CVE-2010-4786 | Resource Management Errors vulnerability in IBM Tivoli Directory Server IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon crash or hang) via a paged search, as demonstrated by a certain idsldapsearch command, related to an improper ibm-slapdIdleTimeOut configuration setting. | 4.0 |