CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Open source GNU C library (glibc) vulnerability affects IBM WebSphere Cast Iron Solution.
CVEID: CVE-2015-1781
DESCRIPTION: GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102500 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
This vulnerability affects the following versions:
WebSphere Cast Iron v 6.4.0.x
WebSphere Cast Iron v 6.3.0.x
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
Cast Iron Appliance and hypervisor | 6.4.0.x | LI79273 | iFix 6.4.0.1-CUMUIFIX-040
Cast Iron Appliance and hypervisor | 6.3.0.x | LI79273 | iFix 6.3.0.2-CUMUIFIX-022