Lucene search

K
cve[email protected]CVE-2007-1868
HistoryApr 04, 2007 - 4:19 p.m.

CVE-2007-1868

2007-04-0416:19:00
web.nvd.nist.gov
34
ibm
tivoli
provisioning manager
os deployment
remote code execution
cve-2007-1868
denial of service
http
daemon crash

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.86 High

EPSS

Percentile

98.6%

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.

Affected configurations

NVD
Node
ibmtivoli_provisioning_manager_os_deploymentMatch5.1.0.116

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.86 High

EPSS

Percentile

98.6%