Lucene search

[email protected]CVE-2007-1868

HistoryApr 04, 2007 - 4:19 p.m.

CVE-2007-1868

2007-04-0416:19:00

[email protected]

web.nvd.nist.gov

ibm

tivoli

provisioning manager

os deployment

remote code execution

cve-2007-1868

denial of service

http

daemon crash

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.86 High

EPSS

Percentile

98.6%

JSON

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.

Affected configurations

NVD

Node

ibmtivoli_provisioning_manager_os_deploymentMatch5.1.0.116

CPENameOperatorVersion
ibm:tivoli_provisioning_manager_os_deploymentibm tivoli provisioning manager os deploymenteq5.1.0.116

CPE	Name	Operator	Version
ibm:tivoli_provisioning_manager_os_deployment	ibm tivoli provisioning manager os deployment	eq	5.1.0.116

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=498

secunia.com/advisories/24717

www-1.ibm.com/support/docview.wss?uid=swg24015347

www.securityfocus.com/bid/23264

www.securitytracker.com/id?1017840

www.vupen.com/english/advisories/2007/1199

exchange.xforce.ibmcloud.com/vulnerabilities/33384

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.86 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2007-1868

securityvulns3 cvelist1 packetstorm1 prion1 nessus2 nvd1