Vulnerability Name: CVE-2012-2191 (CCN-75996)

Assigned: 2012-07-30
Published: 2012-07-30
Updated: 2017-08-29
Summary: IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2012-2191

Source: CCN
Type: SA50069
IBM Rational Directory Server GSKit Certificate Object Spoofing Security Issue

Source: CCN
Type: SA50240
IBM WebSphere Business Events GSKit Data Handling Denial of Service Vulnerability

Source: CCN
Type: SA50783
IBM Rational RequisitePro GSKit Two Vulnerabilities

Source: CCN
Type: SA51279
IBM Tivoli Access Manager for e-business GSKIT Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
51279

Source: CCN
Type: SA52391
IBM DB2 / DB2 Connect Global Security Toolkit Multiple Vulnerabilities

Source: CCN
Type: SA53067
IBM Informix Products Global Security Toolkit Multiple Vulnerabilities

Source: CCN
Type: SA53923
IBM Rational DOORS GSKit Weakness and Vulnerability

Source: CCN
Type: IBM Security Bulletin 1606096
Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.4

Source: CCN
Type: IBM Security Bulletin 1620711
IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Source: AIXAPAR
Type: UNKNOWN
IV31980

Source: AIXAPAR
Type: UNKNOWN
IV31981

Source: CCN
Type: IBM Security Bulletin 1606145
Multiple vulnerabilities in Rational Directory Server (CVE-2012-2203, CVE-2012-2191)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21606145

Source: CCN
Type: IBM Security Bulletin 1607366
Two security vulnerabilities found and fixed in WebSphere Business Events V7.0, V7.0.1 and 7.0.1.1 in the DesignData Tooling (CVE-2012-2190, CVE-2012-2191)

Source: CCN
Type: IBM Security Bulletin 1609029
GSKit SSL/TLS Record Length vulnerability in Tivoli Directory Server (CVE-2012-2191)

Source: CCN
Type: IBM Security Bulletin 1613589
TPM for OSd / Images multiple vulnerabilities when GSKit is configured

Source: CCN
Type: IBM Security Bulletin 1614265
Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.0.1

Source: CCN
Type: IBM Security Bulletin 1614483
WebSphere MQ Security Bulletin: multiple vulnerabilities in GSKit component

Source: CCN
Type: IBM Security Bulletin 1622585
IBM Tivoli Monitoring GSKIT vulnerabilities (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Source: CCN
Type: IBM Security Bulletin 1626749
Multiple GSKit Vulnerabilities in IBM DB2 (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Source: CCN
Type: IBM Security Bulletin 1640752
Multiple vulnerabilities in Product IBM Application Manager For Smart Business 1.2.1 (CVE-2013-0548, CVE-2013-0551, CVE-2013-0576, CVE-2013-2960, CVE-2013-2961, CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Source: CCN
Type: IBM Security Bulletin 1643698
GSKit Security Vulnerabilities addressed in IBM Tivoli Network Manager 3.8 and 3.9

Source: CCN
Type: IBM Security Bulletin 1650623
GSKit Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus

Source: CCN
Type: IBM Security Bulletin 1651227
IBM SmartCloud Analytics - Log Analysis - Security exposures related to GSKit embedded with IBM Tivoli Monitoring components (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Source: CCN
Type: IBM Security Bulletin 1653034
IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in GSKit (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Source: CCN
Type: IBM Security Bulletin 1637636
Vulnerabilities affecting IBM Rational DOORS (CVE-2013-0169, CVE-2012-2191)

Source: CCN
Type: OSVDB ID: 84474
IBM Rational Directory Server GSKit Encrypted Record Vaudenay SSL CBC Timing Attack Remote DoS

Source: BID
Type: UNKNOWN
54743

Source: CCN
Type: BID-54743
IBM Multiple Products Global Security Toolkit Security Vulnerabilities

Source: XF
Type: UNKNOWN
ibm-multiple-recordlayer-dos(75996)

Source: XF
Type: UNKNOWN
rds-recordlayer-dos(75996)

Source: CCN
Type: IBM Security Bulletin 1611311
Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.45

Vulnerable Configuration: Configuration 1:
  • cpe:/a:ibm:global_security_kit:7.0.4.28:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:global_security_kit:7.0.4.29:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:global_security_kit:*:*:*:*:*:*:*:* (Version <= 8.0.13)
  • OR cpe:/a:ibm:rational_directory_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm global security kit 7.0.4.28
    ibm global security kit 7.0.4.29
    ibm global security kit *
    ibm rational directory server *
    ibm tivoli directory server *