{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-10-29T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://fedorahosted.org/389/ticket/48194"}, {"name": "FEDORA-2015-15128", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:39:32.036Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://fedorahosted.org/389/ticket/48194"}, {"name": "FEDORA-2015-15128", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3230", "datePublished": "2015-10-29T20:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:32.036Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D55DA2AE-B217-41DF-A14F-8282D1B3808D", "versionEndIncluding": "1.3.3.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher."}, {"lang": "es", "value": "389 Directory Server (anteriormente Fedora Directory Server) en versiones anteriores a 1.3.3.12 no hace cumplir la preferencia nsSSL3Ciphers cuando crean un sslSocket, lo que permite a atacantes remotos tener un impacto no especificado mediante la petici\u00f3n de utilizar un cifrado deshabilitado."}], "id": "CVE-2015-3230", "lastModified": "2024-11-21T02:28:57.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-10-29T20:59:00.087", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"}, {"source": "secalert@redhat.com", "url": "https://fedorahosted.org/389/ticket/48194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://fedorahosted.org/389/ticket/48194"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHBA-2015:1554", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "389-ds-base-0:1.3.3.1-20.ael7b_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-08-05T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: nsSSL3Ciphers preference not enforced server side (regression)", "id": "1232096", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232096"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-665->CWE-327", "details": ["389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher."], "name": "CVE-2015-3230", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2015-06-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-3230\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3230"], "statement": "This issue was correct in Red Hat Enterprise Linux 7 via RHBA-2015:1554. It did not affect the versions of 389-ds-base as shipped with Red Hat Enterprise Linux 6.", "threat_severity": "Moderate"}