Skip to main content

7PK - Security Features

CVE-2015-3230

Severity High
Score 7.5/10

Summary

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-254 - Security Features

Security features are integrated into the application infrastructure to protect its resources and the trusted environment against a known exploit, threat, or vulnerability. However, flawed, disabled, or absent security features expose the application to a variety of attacks. This is a multidimensional vulnerability with broad potential impact. It can lead to defacement, confidentiality compromise, system takeover, etc.

References

Advisory Timeline

  • Published