Vulnerability Name:

CVE-2015-3230 (CCN-109272)

Assigned:2015-06-09
Published:2015-06-09
Updated:2023-02-13
Summary:389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-327
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2015-3230

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla – Bug 1230996
nsSSL3Ciphers preference not enforced server side (regression)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
389-directory-cve20153230-unspecified(109272)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-3230

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:fedoraproject:389_directory_server:1.3.3.11:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
    Definition ID / Class / Title / Last Modified
    oval:org.opensuse.security:def:20153230
    V
    CVE-2015-3230
    2022-09-02
    oval:org.opensuse.security:def:3462
    P
    ctags-5.8-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95092
    P
    389-ds-2.0.15~git17.498ec3e93-150400.1.3 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:971
    P
    Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:111880
    P
    389-ds-1.3.4.14-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:1493
    P
    Security update for postgresql14 (Important)
    2021-11-22
    oval:org.opensuse.security:def:64612
    P
    Security update for binutils (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:94190
    P
    (Important)
    2021-10-20
    oval:org.opensuse.security:def:105460
    P
    389-ds-1.3.4.14-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:71399
    P
    subversion-1.10.0-3.3.1 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:63191
    P
    389-ds-1.4.0.3-2.39 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:103681
    P
    389-ds-1.4.0.3-2.39 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:96991
    P
    389-ds-1.4.0.3-2.39 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:71286
    P
    libnghttp2-14-1.31.1-1.15 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:90026
    P
    389-ds-1.4.0.3-2.39 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:2102
    P
    389-ds-1.4.0.3-2.39 on GA media (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:1024
    P
    Security update for MozillaFirefox (Important)
    2021-08-19
    oval:org.opensuse.security:def:68046
    P
    Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP1) (Important)
    2021-08-17
    oval:org.opensuse.security:def:47821
    P
    libzypp-16.19.0-2.36.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47545
    P
    SuSEfirewall2-3.6.312.333-3.13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48045
    P
    ibus-chewing-1.4.14-4.11 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47560
    P
    augeas-1.2.0-17.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47874
    P
    radvd-1.9.7-2.12 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47493
    P
    rrdtool-1.4.7-20.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48098
    P
    libblkid1-2.33.2-2.13 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47628
    P
    gpg2-2.0.24-9.3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47953
    P
    apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47546
    P
    aaa_base-13.2+git20140911.61c1681-38.8.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48193
    P
    libsnmp30-32bit-5.7.3-6.6.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47681
    P
    libXpm4-3.5.11-5.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47492
    P
    rpm-32bit-4.11.2-15.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48006
    P
    file-5.22-10.12.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47507
    P
    sudo-1.8.20p2-1.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:48246
    P
    ntp-4.2.8p13-85.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:2224
    P
    389-ds-1.4.4.14~git0.37dc95673-1.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63313
    P
    389-ds-1.4.4.14~git0.37dc95673-1.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:100903
    P
    libcroco-0.6.13-1.26 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:1546
    P
    Security update for the Linux Kernel (Important)
    2021-07-20
    oval:org.opensuse.security:def:66859
    P
    Security update for sqlite3 (Important)
    2021-07-14
    oval:org.opensuse.security:def:48720
    P
    gcc48-gij-32bit-4.8.5-24.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48544
    P
    libqt4-4.8.6-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48671
    P
    freerdp-1.0.2-7.9 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48407
    P
    dstat-0.7.2-1.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48773
    P
    gd-32bit-2.1.0-12.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48553
    P
    libsrtp1-1.5.2-2.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48649
    P
    xdg-utils-20140630-5.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48460
    P
    libQt5Concurrent5-5.6.1-11.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48606
    P
    python-imaging-1.1.7-21.8 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48702
    P
    pulseaudio-module-bluetooth-5.0-2.7 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48491
    P
    libexif12-0.6.21-6.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48618
    P
    rsyslog-8.4.0-14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:64699
    P
    Security update for lz4 (Important)
    2021-06-01
    oval:org.opensuse.security:def:1603
    P
    Security update for ibutils (Low)
    2021-05-13
    oval:org.opensuse.security:def:70215
    P
    Security update for java-11-openjdk (Important)
    2021-05-11
    oval:org.opensuse.security:def:66767
    P
    Security update for samba (Important)
    2021-05-04
    oval:org.opensuse.security:def:2159
    P
    389-ds-1.4.3.9~git0.3eb8617f6-1.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63248
    P
    389-ds-1.4.3.9~git0.3eb8617f6-1.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:107569
    P
    389-ds-1.4.3.9~git0.3eb8617f6-1.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:117127
    P
    389-ds-1.4.3.9~git0.3eb8617f6-1.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:2049
    P
    389-ds-1.4.0.3-2.39 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63138
    P
    389-ds-1.4.0.3-2.39 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:49880
    P
    ntp on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50044
    P
    389-ds on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73550
    P
    389-ds on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49933
    P
    clamsap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:67946
    P
    perl-CGI on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49934
    P
    389-ds on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49990
    P
    apache2-mod_jk on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:70110
    P
    libplist++-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:49987
    P
    389-ds on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:73432
    P
    liblouis-data on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.precise:def:20153230000
    V
    CVE-2015-3230 on Ubuntu 12.04 LTS (precise) - medium.
    2015-10-29
    oval:com.ubuntu.cosmic:def:201532300000000
    V
    CVE-2015-3230 on Ubuntu 18.10 (cosmic) - medium.
    2015-10-29
    oval:com.ubuntu.artful:def:20153230000
    V
    CVE-2015-3230 on Ubuntu 17.10 (artful) - medium.
    2015-10-29
    oval:com.ubuntu.trusty:def:20153230000
    V
    CVE-2015-3230 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-10-29
    oval:com.ubuntu.bionic:def:201532300000000
    V
    CVE-2015-3230 on Ubuntu 18.04 LTS (bionic) - medium.
    2015-10-29
    oval:com.ubuntu.bionic:def:20153230000
    V
    CVE-2015-3230 on Ubuntu 18.04 LTS (bionic) - medium.
    2015-10-29
    oval:com.ubuntu.xenial:def:20153230000
    V
    CVE-2015-3230 on Ubuntu 16.04 LTS (xenial) - medium.
    2015-10-29
    oval:com.ubuntu.xenial:def:201532300000000
    V
    CVE-2015-3230 on Ubuntu 16.04 LTS (xenial) - medium.
    2015-10-29
    oval:com.ubuntu.cosmic:def:20153230000
    V
    CVE-2015-3230 on Ubuntu 18.10 (cosmic) - medium.
    2015-10-29
    oval:com.redhat.rhba:def:20151554
    P
    RHBA-2015:1554: 389-ds-base bug fix update (Moderate)
    2015-08-05
    fedoraproject 389 directory server 1.3.3.11