Lucene search

K
nvd[email protected]NVD:CVE-2015-1892
HistoryApr 01, 2015 - 2:00 a.m.

CVE-2015-1892

2015-04-0102:00:32
CWE-200
web.nvd.nist.gov
5

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

61.3%

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

Affected configurations

Nvd
Node
ibmsecurity_access_manager_for_web_7.0_firmwareRange≤7.0.0.11
OR
ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.1
OR
ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.2
OR
ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.3
OR
ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.4
OR
ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.0.5
OR
ibmsecurity_access_manager_for_web_8.0_firmwareMatch8.0.1.0
VendorProductVersionCPE
ibmsecurity_access_manager_for_web_7.0_firmware*cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*
ibmsecurity_access_manager_for_web_8.0_firmware8.0.0.1cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*
ibmsecurity_access_manager_for_web_8.0_firmware8.0.0.2cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*
ibmsecurity_access_manager_for_web_8.0_firmware8.0.0.3cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*
ibmsecurity_access_manager_for_web_8.0_firmware8.0.0.4cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*
ibmsecurity_access_manager_for_web_8.0_firmware8.0.0.5cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*
ibmsecurity_access_manager_for_web_8.0_firmware8.0.1.0cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

61.3%

Related for NVD:CVE-2015-1892