{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T15:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "RHSA-2015:1007", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"}, {"name": "73326", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73326"}, {"name": "RHSA-2015:1006", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"}, {"name": "RHSA-2015:1091", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"name": "SUSE-SU-2015:1138", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"name": "RHSA-2015:1020", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"}, {"name": "SUSE-SU-2015:1086", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"name": "SUSE-SU-2015:1085", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"name": "RHSA-2015:1021", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"}, {"name": "SUSE-SU-2015:1073", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"}, {"name": "SUSE-SU-2015:1161", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0138", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:1007", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"}, {"name": "73326", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73326"}, {"name": "RHSA-2015:1006", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"}, {"name": "RHSA-2015:1091", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"name": "SUSE-SU-2015:1138", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"name": "RHSA-2015:1020", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"}, {"name": "SUSE-SU-2015:1086", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"name": "SUSE-SU-2015:1085", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"name": "RHSA-2015:1021", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"}, {"name": "SUSE-SU-2015:1073", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"}, {"name": "SUSE-SU-2015:1161", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:09.863Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:1007", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"}, {"name": "73326", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/73326"}, {"name": "RHSA-2015:1006", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"}, {"name": "RHSA-2015:1091", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"name": "SUSE-SU-2015:1138", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"name": "RHSA-2015:1020", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"}, {"name": "SUSE-SU-2015:1086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"name": "SUSE-SU-2015:1085", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"name": "RHSA-2015:1021", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"}, {"name": "SUSE-SU-2015:1073", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"}, {"name": "SUSE-SU-2015:1161", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0138", "datePublished": "2015-03-25T01:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2024-08-06T04:03:09.863Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1F13D54-ED0A-4941-85E1-8C2BCF366891", "versionEndIncluding": "6.0.0.73", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "06626F2E-605A-4AA0-839D-B035336453E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F468434-0317-435A-B2A6-5923A88A090F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E79197BC-3BDF-4F38-B63F-1B2A658B645F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F7B1402A-B3C3-4210-928F-6EFCCE2DE1CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "92D48F0B-C9E2-4381-8463-83FF47136EB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36308D0C-D92C-4857-A857-097F383EE76C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A84CEB80-796F-4928-A2A0-73E604543A70", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "462385FC-F345-42EE-ABF0-E1781CC648A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F10F3910-5616-41A2-A3BF-18FA4DD68631", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "51C34738-5F9B-43A7-987F-EB805B31119E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "6AA93B63-9D15-4784-8585-DBC139A382E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "55D84E30-1F23-4A6A-B622-78DBEEBEFB46", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "50C9A7DF-6968-41CC-911A-B746CB43AA82", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "0EA493E1-F791-4FE5-9F7E-36CAC0D942C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "F7365156-4EA3-476A-A395-FADEDF1BA80A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "321B15BC-2653-4B64-A5AE-9FCA6A08713C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "5A1B527B-E07D-4543-92A6-0EE58CB8FECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "3CDBA9D2-E683-431A-B06C-5CCA55E44EA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "6EF4AFCB-755A-40E9-AB2B-4FDFD10B0388", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "86556AFA-F4F5-4C29-B59D-DC5281375E07", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "5E16D75E-7678-48AF-AA2D-33C167ACC99E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "FBB97A26-E8A9-418C-87C9-F4837BF6680A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "AFFA6A4C-8EE2-4898-9AEB-CA5EBE4BC5E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "3922010D-4867-402C-9EC5-98FDEB281EA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "EBC6C026-A23F-4A12-BE0C-3333B9D5A0DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "297D92F4-51B0-4DC0-B872-984AD0A6008F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "4B93E759-1B76-421D-9684-F6FF77A99E6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "344605B3-15C9-4E36-A22B-7EBC1207A03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "F15D60CA-8B3C-48D7-A860-1B72BCA14CFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "FD03B74B-E234-4757-8D98-896DEA4CED7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "BAF9CDD0-3F78-4489-A18D-40A1FAF705F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "3CBF6D03-9A58-477D-B5D0-030A373A58AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "7C7636BE-22BB-44C3-B303-9780E2A24487", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "7E4E6E83-914D-467F-9EEA-56669B95CCAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "38BBCED9-4260-40DC-A9A6-40CDB09BA92E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "D297D508-ACC2-41E7-B3F5-5AEDFE3E2453", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "DBD3BA3E-E015-4CB7-B686-19F45F8221C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "90F615EC-7530-468D-B62E-B07A1FE0431B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "7E278A8E-D7B6-450C-92D6-9955B22E18C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "DB9D85F4-1019-419D-8769-B1636385384C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "B7D3F8DB-C145-403F-92DE-CF4D5DC83177", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "5FE3E56E-95DC-4706-9FBE-622FFA9C8092", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "684BD112-7763-4901-973C-D2ABB10CCE3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "311FA0A0-FACB-4A20-AA75-35EF1FF6F0D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "16C8CA71-D7A8-4841-A895-E009F3552359", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "A43ECBF2-8D39-469F-8D45-B2FA44B3A9FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "18ABDC8A-118C-4A35-A396-1020A9469D82", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "38204AD1-BF0E-4521-9EE6-66214B4A353B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "218DD29F-18C9-489D-9273-4705BFCDE0F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.49:*:*:*:*:*:*:*", "matchCriteriaId": "3947B542-1356-4645-A792-E27DB2C07DCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "39A69967-1505-45AB-B70B-9E9C15AB6798", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "C6AE0B38-8249-4959-B031-996EC4EE92FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "0652BE9E-5EC8-436A-A88E-4707F36C5893", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "A2541DAF-6093-4411-98C6-A41F49D224D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "CCC763F0-71C3-494C-AD5D-A3389D643328", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "2C19DFC0-14CC-456D-AC84-D9F634F9734F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "1D2BE5F0-CEEB-480A-9B80-D08142659C24", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "540FD770-3493-4C44-A3B4-2AB307E0B472", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "C5F359B1-7984-4BB8-9408-440745AFBF4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "472B5989-E033-449C-AB90-E24FE7F99125", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "84B938E8-26C7-425C-AA54-081FF3EC00F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "202262F1-6CB8-4235-B5F0-00FDC6FB614D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.62:*:*:*:*:*:*:*", "matchCriteriaId": "3FF29B53-180C-4B20-90D5-480C467F5746", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "61B7FD9C-FEA9-4001-BD48-10B02B38989E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.64:*:*:*:*:*:*:*", "matchCriteriaId": "E55B351A-E773-42F0-A7EA-F1874F7BCCCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.65:*:*:*:*:*:*:*", "matchCriteriaId": "57FB18BD-4C72-436C-85CB-06037E2CFC1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.1.0.66:*:*:*:*:*:*:*", "matchCriteriaId": "3EC0FD9F-A137-4AD1-8F77-58E822070D06", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "653551D3-88A3-4E69-A1B1-64326BEF1F18", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CBAF2E5-4931-41AF-BCDA-D769B06FB05E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "98186E56-0F75-4306-9E34-A388EA2FD6C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FC2A00D-4A9E-4BB7-81E6-A0D3A8434EA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0CB6BE6-C851-4C31-A016-CCD4937277D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2260260B-B69E-4B59-A0D1-1F71B92ABDFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F8BFF1C8-8AEA-43FC-B76C-F4A44A713F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E08631DE-72C4-462B-9763-41783EA8963C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "50315494-8C1B-436B-8E24-8B8CA565FB17", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "2759F8BC-8400-4AB1-81DD-51BD69BB720E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "EEEB330D-5FC6-424B-85EF-06A56329FFEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "3588C1D0-3C8F-4C7A-A7F7-94EE51FA7ECF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "33DE5E95-BA4A-42A2-B376-373331D9934E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "6D5D35E5-AFBE-4D90-9E89-9251C45CF0DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "B87492D7-D0C6-4E4A-87B3-F44BC3149101", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "262F93A7-54A6-4D06-B5D1-FF6F7740044B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "E4798A6D-E4F3-4481-B2C2-DCA4BCD97572", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "FE5E8D59-79F9-46D1-A1A7-608FA49F7121", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB8B3BE0-2515-4CB1-B124-5462703CD32B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "03B735E0-B531-4684-8BF5-0540F5B8FBEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "677E05F0-F000-4C5F-83D7-7E2ED5CCB0A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "5E923364-6895-4B51-9C3F-B150EC6A541D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "5F288406-D938-415D-AD92-F8AFC7219691", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "08BBE891-2D1F-485D-A509-1A851CE83111", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "C6771D20-C32B-4324-89E6-387724922D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "AC8A4729-46F8-44BE-B31C-FFB761C17D89", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "C87A9397-6290-4D19-8A80-0D439B5915A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "CC60F206-4C09-4E06-98F5-8B4C85714803", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "78F293FC-C7C7-41A3-A5B0-5203B000D41F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "2AC09987-98C8-4395-871F-E45C9745ACD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "BAB52381-38CB-4B68-9515-019FE318CA92", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "E8F3261B-9595-493A-9CFB-F3C049C570C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "EDD872AF-0478-457D-87DA-FC125378411F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "3DD471E9-2DD0-4364-ABC2-9CFC0747A477", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "B6A40152-B83F-454A-A94E-F694512F56FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "9AE73B82-CC1C-4F5D-A8D3-7AD151665B73", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "5365E6BD-067B-46F8-A2F6-B46801B55FC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.2.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "6C7EA7C3-A9AE-4C55-88FC-06DA3A03766A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D48029C-3455-46A6-A8CA-8013A167979B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D872267B-B01D-4723-A522-8CDF684CB980", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2234E088-31ED-4BBF-94C5-131E3B0CB994", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0CCF803A-86AE-4875-ABD8-2DDB44D88F56", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "DB3E505A-C749-4465-964F-0699DB9C094A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "F3B64779-4C28-4538-8F3C-EE32152AA8AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "A389475F-F043-40B7-894E-C8338EF86C11", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "2AD77105-5410-474A-B42F-5CC69CB5FDE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "869DB569-F140-4AD9-B230-2A5752BAEA8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "D5545F04-B8D1-48FB-BDAD-27E1260AEB97", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "C5A2FA81-F8D6-4255-8F55-A0B746D84691", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "C950A3E7-7CD2-4BB2-89B4-C708735371A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "6AC98E9A-E879-4A28-93E9-0977F7B4C860", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "EF81D730-514C-4A9A-8683-54A1AD4E8F42", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "6369ACB4-475E-4349-A6C3-7B718660F65D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "2B3EEB0C-7CFC-4CB3-A177-6A59BD4A68C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "E8B3EE13-1C01-49DD-A642-C061783D958B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "B30DA3DA-82E3-4E8D-9077-66AE9B5A374F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "E70DE3A2-A6D7-4493-9182-1C0B7FBDF90F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "403A84D2-4D3E-483B-A14A-AF1CEF06B9A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "E6B3CD94-82B3-4265-9A9E-2F008F7051E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "C0BFB392-F7EE-4448-A3AA-65E3269C1DEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "2A621A28-D193-4C1B-8008-422DCE5229ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "378EB8A4-7F3A-463A-8D12-83800BC0C0E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "CEFC8686-795C-455B-B411-BD56E91683CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "59568EE3-3365-4864-BAAB-CE56DE2420ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "A0E3A04A-B6F9-4C69-8A4D-4415D10C73C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "FB5DAFE9-F022-4240-AFDA-5B44E303F889", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C36D4B16-30CE-4E1F-9DCE-B06C849D5751", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "6406B436-A4C1-4936-AF73-C62DC663588A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "64144623-32F7-4FD7-AE40-875078EF6954", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "D0BCFF6A-7A7F-4DB7-B2AC-54A35B4F006D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "94CFDA59-051E-46C0-814A-CDE82C29B3BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_directory_server:6.3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2F1C266D-606B-47A3-898F-01D794F591E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."}, {"lang": "es", "value": "GSKit en IBM Tivoli Directory Server (ITDS) 6.0 anterior a 6.0.0.73-ISS-ITDS-IF0073, 6.1 anterior a 6.1.0.66-ISS-ITDS-IF0066, 6.2 anterior a 6.2.0.42-ISS-ITDS-IF0042, y 6.3 anterior a 6.3.0.35-ISS-ITDS-IF0035 e IBM Security Directory Server (ISDS) 6.3.1 anterior a 6.3.1.9-ISS-ISDS-IF0009 no restringe correctamente las transiciones de estados de TLS, lo que facilita a atacantes remotos realizar ataques de degradaci\u00f3n de cifrado sobre los cifrados EXPORT_RSA a trav\u00e9s de trafico de TLS manipulado, relacionado con el problema 'FREAK', una vulnerabilidad diferente a CVE-2015-0204."}], "id": "CVE-2015-0138", "lastModified": "2024-11-21T02:22:26.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-25T01:59:17.923", "references": [{"source": "psirt@us.ibm.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"}, {"source": "psirt@us.ibm.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"source": "psirt@us.ibm.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"source": "psirt@us.ibm.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"source": "psirt@us.ibm.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"}, {"source": "psirt@us.ibm.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"}, {"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/73326"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/73326"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1006", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-05-13T00:00:00Z"}, {"advisory": "RHSA-2015:1007", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.7.0-ibm-1:1.7.0.9.0-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-05-13T00:00:00Z"}, {"advisory": "RHSA-2015:1021", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-05-20T00:00:00Z"}, {"advisory": "RHSA-2015:1091", "cpe": "cpe:/a:redhat:network_satellite:5.6::el5", "package": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6", "product_name": "Red Hat Satellite 5.6", "release_date": "2015-06-11T00:00:00Z"}, {"advisory": "RHSA-2015:1091", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6", "product_name": "Red Hat Satellite 5.7", "release_date": "2015-06-11T00:00:00Z"}, {"advisory": "RHSA-2015:1006", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.16.4-1jpp.1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-05-13T00:00:00Z"}, {"advisory": "RHSA-2015:1020", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-05-20T00:00:00Z"}, {"advisory": "RHSA-2015:1021", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.5.0-ibm-1:1.5.0.16.10-1jpp.1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-05-20T00:00:00Z"}, {"advisory": "RHSA-2015:1020", "cpe": "cpe:/a:redhat:rhel_extras:7", "package": "java-1.7.1-ibm-1:1.7.1.3.0-1jpp.2.el7_1", "product_name": "Supplementary for Red Hat Enterprise Linux 7", "release_date": "2015-05-20T00:00:00Z"}], "bugzilla": {"description": "JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites (FREAK)", "id": "1219223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1219223"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-327", "details": ["GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204."], "name": "CVE-2015-0138", "public_date": "2015-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0138\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0138"], "threat_severity": "Moderate"}