CVE-2015-3230
First published: Thu Oct 29 2015(Updated: )
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat 389 Directory Server | <=1.3.3.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-3230?
CVE-2015-3230 has a moderate severity rating as it can lead to potential exploitation through the use of disabled ciphers.
How do I fix CVE-2015-3230?
To fix CVE-2015-3230, upgrade to 389 Directory Server version 1.3.3.12 or later.
What impact does CVE-2015-3230 have on my system?
CVE-2015-3230 may allow remote attackers to exploit the server by forcing the use of disabled SSL3 ciphers, leading to possible security breaches.
Which versions of software are affected by CVE-2015-3230?
CVE-2015-3230 affects 389 Directory Server versions prior to 1.3.3.12.
Is CVE-2015-3230 a critical vulnerability?
CVE-2015-3230 is not classified as a critical vulnerability, but it poses a significant risk due to insecure cipher usage.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fedoraproject
- canonical/red hat 389 directory server
- version/red hat 389 directory server/1.3.3.10