Vulnerability in IBM Global Security Kit (GSKit) Allows Remote Denial of Service

Vulnerability in IBM Global Security Kit (GSKit) Allows Remote Denial of Service

CVE-2012-2191 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.

Learn more about our Cis Benchmark Audit For Server Software.