NVD

Id
44039  
Name
CVE-2012-2203  
Description
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-08-08  
Modified Date
2013-08-17  
Seq
2012-2203  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
221334 44039 CVE-2012-2203 IV31973  View
221335 44039 CVE-2012-2203 IV31975  View
221336 44039 CVE-2012-2203 http://www-01.ibm.com/support/docview.wss?uid=swg21606145  View
221337 44039 CVE-2012-2203 54743  View
221338 44039 CVE-2012-2203 rds-gskit-pkcs-spoofing(77280)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27810 JVNDB-2012-003517 IBM Global Security Kit における SSL サーバになりすまされる脆弱性 IBM Rational Directory Server、IBM Tivoli Directory Server およびその他の製品で使用される IBM Global Security Kit は、ファイルの完全性に配慮せずに PKCS #12 ファイル形式を証明書オブジェクトに使用するため、SSL サーバになりすまされる脆弱性が存在します。 CVE-2012-2203 55441 CVE-2012-2203 44039 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003517.html 2012-08-08 2012-08-10 View