Lucene search

[email protected]CVE-2008-1705

HistoryApr 09, 2008 - 7:05 p.m.

CVE-2008-1705

2008-04-0919:05:00

CWE-134

[email protected]

web.nvd.nist.gov

ibm

soliddb

format string vulnerability

logging

nvd

cve-2008-1705

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.057 Low

EPSS

Percentile

93.3%

JSON

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.

CPENameOperatorVersion
ibm:soliddbibm soliddbeq06.00.1018

CPE	Name	Operator	Version
ibm:soliddb	ibm soliddb	eq	06.00.1018

References

aluigi.altervista.org/adv/soliduro-adv.txt

aluigi.org/poc/soliduro.zip

secunia.com/advisories/29512

securitytracker.com/id?1019721

www.securityfocus.com/archive/1/490129/100/0/threaded

www.securityfocus.com/bid/28468

www.vupen.com/english/advisories/2008/1038

exchange.xforce.ibmcloud.com/vulnerabilities/41485

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.057 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2008-1705

prion1 cvelist1 checkpoint_advisories1