|Category:||Input Validation Error|
Published on 08/08/12 - Updated on 29/08/17
IBM Global Security Kit (aka GSKit) before 188.8.131.52, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.
|CERTA-2012-AVI-414, CERTA-2012-AVI-526, CERTA-2012-AVI-535, CERTA-2012-AVI-552, CERTA-2012-AVI-671, CERTA-2013-AVI-159|
|2012/VULN314, 2012/VULN377, 2012/VULN413, 2013/VULN086|