CVE-2015-3230

CWE-254 CWE-665 CWE-327 — Broken Cryptographic Algorithm8 documents7 sources

Severity

7.5HIGH

EPSS

0.6%

top 30.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject 389 Directory Server

Timeline

PublishedOct 29

Latest updateMay 17

Description

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDfedoraproject/389_directory_server1.3.3.10

▶Debian389-ds-base< 1.3.3.12-1+2

Patches

Patch: directory.fedoraproject.org ↗Patch: directory.fedoraproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-2q4h-358c-9wqx: 389 Directory Server (formerly Fedora Directory Server) before 1↗2022-05-17

▶

OSV

CVE-2015-3230: 389 Directory Server (formerly Fedora Directory Server) before 1↗2015-10-29

▶

CVEList

CVE-2015-3230: 389 Directory Server (formerly Fedora Directory Server) before 1↗2015-10-29

▶

📋Vendor Advisories

Red Hat

389-ds-base: nsSSL3Ciphers preference not enforced server side (regression)↗2015-06-09

▶

Debian

CVE-2015-3230: 389-ds-base - 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not...↗2015

▶

💬Community

Bugzilla

CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side (regression) [fedora-all]↗2015-06-17

▶

Bugzilla

CVE-2015-3230 389-ds-base: nsSSL3Ciphers preference not enforced server side (regression)↗2015-06-16

▶