Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7B024313D544E8F1091B961FD368EE795044D77E6F38AEF7B87596738D05F274
HistoryJun 17, 2018 - 3:28 p.m.

Security Bulletin:Multiple vulnerabilities in PCRE affect IBM Tivoli Network Manager IP Edition

2018-06-1715:28:51
www.ibm.com
9

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

Multiple vulnerabilities exist in PCRE v5.x, shipped with IBM Tivoli Network Manager IP Edition. Therefore PCRE 8.35 has been upgraded in IBM Tivoli Network Manager IP Edition.

Vulnerability Details

CVE-ID: CVE-2015-2327
Description: PCRE is vulnerable to a denial of service, caused by the improper handling of patterns with certain recursion. A remote attacker could exploit this vulnerability using a specially crafted regular expression to cause a segmentation fault.
CVSS Base Score: 5.300
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109275&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVE-ID: CVE-2015-2328
Description: PCRE is vulnerable to a denial of service, caused by the improper handling of patterns with certain internal recursive back references. A remote attacker could exploit this vulnerability using a specially crafted regular expression to cause a segmentation fault.
CVSS Base Score: 5.300
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109276&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

AffectedProduct

| VRMF|APAR|Remediation/First Fix
—|—|—|—
Tivoli Network Manager IP Edition| 3.8.0.7| IV81816| Fix to be deliver on demand
Please call IBM service and reference APAR IV81816, to obtain a fix.
Tivoli Network Manager IP Edition| 3.9.0.4/IF01| IV81816| https://www-01.ibm.com/support/docview.wss?uid=swg24037809
Tivoli Network Manager IP Edition | 4.1| IV81816| Fix to be deliver on demand
Please call IBM service and reference APAR IV81816, to obtain a fix.
Tivoli Network Manager IP Edition| 4.1.1.1 | IV81816| Interim Fix to be release on or before Oct 29th_._
Tivoli Network Manager IP Edition| 4.2| IV81816| PCRE has been upgraded in 42 FP1.http://www-01.ibm.com/support/docview.wss?uid=swg24042425_ _

Remediation/Fixes

29 Oct 2016: Original document published

Workarounds and Mitigations

None

Related

ubuntucve 2
cve 2
debiancve 2
prion 2
ibm 10
openvas 10
nessus 11
f5 2
openwrt 1
centos 1
redhat 2
oraclelinux 1
ubuntu 1
rosalinux 1
veracode 57
suse 2
ubuntucve
ubuntucve
CVE-2015-2328
2015-12-01 00:00:00
CVE-2015-2327
2015-12-01 00:00:00
cve
cve
CVE-2015-2328
2015-12-02 01:59:00
CVE-2015-2327
2015-12-02 01:59:00
debiancve
debiancve
CVE-2015-2328
2015-12-02 01:59:00
CVE-2015-2327
2015-12-02 01:59:00
prion
prion
Code injection
2015-12-02 01:59:00
Code injection
2015-12-02 01:59:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in PCRE library affect IBM Tealeaf Customer Experience
2018-06-16 20:03:39
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
2023-12-20 20:15:48
Security Bulletin: Multiple vulnerabilities in PCRE affect PowerKVM
2018-06-18 01:32:32
openvas
openvas
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-1558)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2016-1023)
2020-01-23 00:00:00
CentOS Update for pcre CESA-2016:1025 centos7
2016-05-17 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.1.0 : pcre (EulerOS-SA-2019-1558)
2019-05-15 00:00:00
F5 Networks BIG-IP : Multiple PCRE vulnerabilities (K20225390)
2016-08-02 00:00:00
Scientific Linux Security Update : pcre on SL7.x x86_64 (20160511)
2016-05-12 00:00:00
f5
f5
SOL20225390 - Multiple PCRE vulnerabilities
2016-02-04 00:00:00
K20225390 : Multiple PCRE vulnerabilities
2016-02-04 00:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
centos
centos
pcre security update
2016-05-13 00:44:08
redhat
redhat
(RHSA-2016:1025) Important: pcre security update
2016-05-11 11:17:05
(RHSA-2016:2750) Moderate: rh-php56 security, bug fix, and enhancement update
2016-11-15 11:13:31
oraclelinux
oraclelinux
pcre security update
2016-05-11 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:02:26
Arbitrary Code Execution
2019-05-02 06:02:23
Arbitrary Code Execution
2019-05-02 06:02:23
suse
suse
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 7B024313D544E8F1091B961FD368EE795044D77E6F38AEF7B87596738D05F274
ubuntucve2cve2debiancve2prion2ibm10openvas10nessus11f52openwrt1centos1redhat2oraclelinux1ubuntu1rosalinux1veracode57suse2