OpenLDAP Vulnerability: Improper Parsing of OpenSSL-Style Multi-Keyword Mode Cipher Strings

OpenLDAP Vulnerability: Improper Parsing of OpenSSL-Style Multi-Keyword Mode Cipher Strings

CVE-2015-3276 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.

Learn more about our Web Application Penetration Testing UK.