Vulnerability Description
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | 389 Directory Server | <= 1.3.3.10 |
Related Weaknesses (CWE)
References
- http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.htmlPatchVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.ht
- https://bugzilla.redhat.com/show_bug.cgi?id=1230996
- https://fedorahosted.org/389/ticket/48194
- http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-3-12.htmlPatchVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168985.ht
- https://bugzilla.redhat.com/show_bug.cgi?id=1230996
- https://fedorahosted.org/389/ticket/48194
FAQ
What is CVE-2015-3230?
CVE-2015-3230 is a vulnerability with a CVSS score of 7.5 (HIGH). 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impa...
How severe is CVE-2015-3230?
CVE-2015-3230 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3230?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject 389 Directory Server.