Vulnerability in Fedoraproject 389_directory_server

CVE-2015-3230

389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled ciph…

EPSS: 0.006 (70.1th percentile) — read the EPSS interpretation.

Affected products

Fedoraproject 389_directory_server
N/a — versions n/a

Weakness classification (CWE)

CWE-254

References

secalert@redhat.com (x_refsource_CONFIRM)
FEDORA-2015-15128 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)