CVE-2015-3230
EPSS 0.61%
Description
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
How to fix CVE-2015-3230
To remediate CVE-2015-3230, upgrade the affected package to a fixed version below.
- Debian/389-ds-base—upgrade to 1.3.3.12-1 or later
Is CVE-2015-3230 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.3.3.12-1