Search criteria

18 vulnerabilities found for director by ibm

FKIE_CVE-2009-0879

Vulnerability from fkie_nvd - Published: 2009-03-12 15:20 - Updated: 2025-04-09 00:30
Severity ?
Summary
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
References
cve@mitre.orghttp://osvdb.org/52615
cve@mitre.orghttp://secunia.com/advisories/34212Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1021825Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/501638/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34061
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0656Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/49285
cve@mitre.orghttps://www.exploit-db.com/exploits/8190
cve@mitre.orghttps://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txtExploit
cve@mitre.orghttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/52615
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34212Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1021825Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501638/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34061
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0656Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49285
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/8190
af854a3a-2127-422b-91ae-364da2661108https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txtExploit
af854a3a-2127-422b-91ae-364da2661108https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm director *
ibm director 3.1.1
ibm director 4.10
ibm director 4.11
ibm director 4.12
ibm director 4.20
ibm director 4.21
ibm director 4.22
ibm director 5.10.0
ibm director 5.10.1
ibm director 5.10.2
ibm director 5.10.3
ibm director 5.20.0
ibm director 5.20.1
ibm director 5.20.2
microsoft windows *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "D525C638-4015-4E45-9A82-1CABAC1DCC54",
              "versionEndIncluding": "5.20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18E2470-6359-4E0C-83E7-880FA6EC8520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "622C9C51-0EB7-449F-96F0-07BC976CADDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D211F7-9F61-4E93-8C5E-596B782E0BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5EE0669-1042-4580-8883-793C2F4272C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C5D77E-60BC-406F-86F6-2F1F0C9C8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60AE021-6483-4075-B0F5-4DBF49F5332A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA0F5AD-D17D-492B-B463-52C40BA0B03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD25392-1D9D-47C9-BAE3-7C2B24663A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "824785BD-CA6D-4FDB-ADB3-428360D2F624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B3F58B-3D5C-4B3D-BA72-050270D741AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA69558A-697A-4FEC-A8EA-7E71DF9C4764",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
    },
    {
      "lang": "es",
      "value": "El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un nombre largo \"consumer\", como se ha demostrado en una petici\u00f3n M-POST a una URI larga /CIMListener/."
    }
  ],
  "id": "CVE-2009-0879",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-12T15:20:49.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52615"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1021825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1021825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-0880

Vulnerability from fkie_nvd - Published: 2009-03-12 15:20 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
References
cve@mitre.orghttp://osvdb.org/52616
cve@mitre.orghttp://secunia.com/advisories/34212Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/501639/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34065
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0656Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/49286
cve@mitre.orghttps://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txtExploit
cve@mitre.orghttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/52616
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34212Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501639/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34065
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0656Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49286
af854a3a-2127-422b-91ae-364da2661108https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txtExploit
af854a3a-2127-422b-91ae-364da2661108https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm director *
ibm director 3.1.1
ibm director 4.10
ibm director 4.11
ibm director 4.12
ibm director 4.20
ibm director 4.21
ibm director 4.22
ibm director 5.10.0
ibm director 5.10.1
ibm director 5.10.2
ibm director 5.10.3
ibm director 5.20.0
ibm director 5.20.1
ibm director 5.20.2
microsoft windows *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "D525C638-4015-4E45-9A82-1CABAC1DCC54",
              "versionEndIncluding": "5.20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18E2470-6359-4E0C-83E7-880FA6EC8520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "622C9C51-0EB7-449F-96F0-07BC976CADDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D211F7-9F61-4E93-8C5E-596B782E0BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5EE0669-1042-4580-8883-793C2F4272C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C5D77E-60BC-406F-86F6-2F1F0C9C8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60AE021-6483-4075-B0F5-4DBF49F5332A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA0F5AD-D17D-492B-B463-52C40BA0B03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD25392-1D9D-47C9-BAE3-7C2B24663A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "824785BD-CA6D-4FDB-ADB3-428360D2F624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B3F58B-3D5C-4B3D-BA72-050270D741AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA69558A-697A-4FEC-A8EA-7E71DF9C4764",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el servidor CIM en IBM Director anteriores v5.20.3 Service Update 2 en Windows que permite a los atacantes remotos cargar y ejecutar arbitrariamente c\u00f3digo DLL local a trav\u00e9s .. (punto punto) en un /CIMListener/ URI en una petici\u00f3n M-POST."
    }
  ],
  "evaluatorSolution": "Per: http://www.securityfocus.com/archive/1/archive/1/501639/100/0/threaded\r\n\r\n\"The vendor has adressed this vulnerability in service update 2 for IBM\r\nDirector agent 5.20.3. Download link:\r\n\r\nhttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\r\n\u0026S_PKG=director_x_520\u0026S_TACT=sms\u003c=en_US\u0026cp=UTF-8\"",
  "id": "CVE-2009-0880",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-12T15:20:49.983",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52616"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34065"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2007-5612

Vulnerability from fkie_nvd - Published: 2007-11-21 22:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
References
cret@cert.orghttp://secunia.com/advisories/27752Patch, Vendor Advisory
cret@cert.orghttp://securitytracker.com/id?1018985
cret@cert.orghttp://www.kb.cert.org/vuls/id/512193US Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/MIMG-78YMXE
cret@cert.orghttp://www.securityfocus.com/bid/26509Patch
cret@cert.orghttp://www.vupen.com/english/advisories/2007/3942
cret@cert.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/38583
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27752Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1018985
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/512193US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/MIMG-78YMXE
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26509Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3942
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/38583
Impacted products
Vendor Product Version
ibm director *
ibm director *
ibm director 3.1
ibm director 5.10
ibm director 5.10.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09DDCCE4-E1D1-48D3-8C04-7835C1400A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE3A207-0298-402F-938A-5CC3438EDF46",
              "versionEndIncluding": "5.20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "503FAC31-5745-49DF-BCA0-70632B77F519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE4AE89-F12F-458D-805C-C790E210F49F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "824785BD-CA6D-4FDB-ADB3-428360D2F624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections."
    },
    {
      "lang": "es",
      "value": "CIM Server en IBM Director 5.20.1 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU, agotamientos de conexiones, y ca\u00edda del demonio) mediante un n\u00famero grande de conexiones sin utilizar."
    }
  ],
  "id": "CVE-2007-5612",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-21T22:46:00.000",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27752"
    },
    {
      "source": "cret@cert.org",
      "url": "http://securitytracker.com/id?1018985"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/512193"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26509"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.vupen.com/english/advisories/2007/3942"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018985"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/512193"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-4683

Vulnerability from fkie_nvd - Published: 2006-09-11 17:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
References
cve@mitre.orgftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf
cve@mitre.orghttp://secunia.com/advisories/21802Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/19915Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3532
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21802Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19915Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3532
Impacted products
Vendor Product Version
ibm director *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0FB4EE8-23D1-461B-8F74-A5C45BBB85D8",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE."
    },
    {
      "lang": "es",
      "value": "IBM Director anterior a 5.10 permite a un atacante remoto obtener informaci\u00f3n sensible de cabeceras HTTP a trav\u00e9s de HTTP TRACE."
    }
  ],
  "id": "CVE-2006-4683",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-11T17:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21802"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3532"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-4682

Vulnerability from fkie_nvd - Published: 2006-09-11 17:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
References
cve@mitre.orgftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf
cve@mitre.orghttp://secunia.com/advisories/21802Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/19915Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3532
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21802Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19915Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3532
Impacted products
Vendor Product Version
ibm director *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0FB4EE8-23D1-461B-8F74-A5C45BBB85D8",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en IMB Director anterior a 5.10 permite a un atacante remoto provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de vectores no especificados implicando a (1) las respuestas de servidor mal formadas del WMI CIM y (2) paquetes mal formados."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nIBM, Director, 5.10",
  "id": "CVE-2006-4682",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-11T17:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21802"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3532"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2006-4681

Vulnerability from fkie_nvd - Published: 2006-09-11 17:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
References
cve@mitre.orgftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdfPatch
cve@mitre.orghttp://secunia.com/advisories/21802Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1016815Exploit, Patch
cve@mitre.orghttp://www.securityfocus.com/bid/19898Exploit, Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3532
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28836
cve@mitre.orghttps://www.exploit-db.com/exploits/2320
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdfPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21802Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016815Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19898Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3532
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28836
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/2320
Impacted products
Vendor Product Version
ibm director *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0FB4EE8-23D1-461B-8F74-A5C45BBB85D8",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de atravesamiento de directorios en Redirect.bat de IBM Director anterior a 5.10 permite a un atacante remoto leer ficheros de sue elecci\u00f3n a trav\u00e9s de la secuencia ..(punto punto) en el par\u00e1metro file."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nIBM, Director, 5.10",
  "id": "CVE-2006-4681",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-11T17:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21802"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016815"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19898"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3532"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/2320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016815"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/2320"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-0879 (GCVE-0-2009-0879)

Vulnerability from cvelistv5 – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
VLAI?
Summary
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0656",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0656"
          },
          {
            "name": "52615",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52615"
          },
          {
            "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
          },
          {
            "name": "34212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34212"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
          },
          {
            "name": "director-cim-consumer-dos(49285)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
          },
          {
            "name": "1021825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021825"
          },
          {
            "name": "34061",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34061"
          },
          {
            "name": "8190",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8190"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-0656",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0656"
        },
        {
          "name": "52615",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52615"
        },
        {
          "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
        },
        {
          "name": "34212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34212"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
        },
        {
          "name": "director-cim-consumer-dos(49285)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
        },
        {
          "name": "1021825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021825"
        },
        {
          "name": "34061",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34061"
        },
        {
          "name": "8190",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8190"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0879",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0656",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0656"
            },
            {
              "name": "52615",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52615"
            },
            {
              "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
            },
            {
              "name": "34212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34212"
            },
            {
              "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8",
              "refsource": "MISC",
              "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
            },
            {
              "name": "director-cim-consumer-dos(49285)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
            },
            {
              "name": "1021825",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021825"
            },
            {
              "name": "34061",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34061"
            },
            {
              "name": "8190",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8190"
            },
            {
              "name": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0879",
    "datePublished": "2009-03-12T15:00:00",
    "dateReserved": "2009-03-12T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-0880 (GCVE-0-2009-0880)

Vulnerability from cvelistv5 – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
VLAI?
Summary
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0656",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0656"
          },
          {
            "name": "52616",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52616"
          },
          {
            "name": "20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
          },
          {
            "name": "34065",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34065"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
          },
          {
            "name": "34212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34212"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
          },
          {
            "name": "director-cim-directory-traversal(49286)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-0656",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0656"
        },
        {
          "name": "52616",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52616"
        },
        {
          "name": "20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
        },
        {
          "name": "34065",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34065"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
        },
        {
          "name": "34212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34212"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
        },
        {
          "name": "director-cim-directory-traversal(49286)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0880",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0656",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0656"
            },
            {
              "name": "52616",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52616"
            },
            {
              "name": "20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
            },
            {
              "name": "34065",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34065"
            },
            {
              "name": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
            },
            {
              "name": "34212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34212"
            },
            {
              "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8",
              "refsource": "MISC",
              "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
            },
            {
              "name": "director-cim-directory-traversal(49286)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0880",
    "datePublished": "2009-03-12T15:00:00",
    "dateReserved": "2009-03-12T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5612 (GCVE-0-2007-5612)

Vulnerability from cvelistv5 – Published: 2007-11-21 22:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.kb.cert.org/vuls/id/MIMG-78YMXE x_refsource_CONFIRM
http://www.securityfocus.com/bid/26509 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.kb.cert.org/vuls/id/512193 third-party-advisoryx_refsource_CERT-VN
http://secunia.com/advisories/27752 third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1018985 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/3942 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
          },
          {
            "name": "26509",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26509"
          },
          {
            "name": "ibm-director-cim-dos(38583)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
          },
          {
            "name": "VU#512193",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/512193"
          },
          {
            "name": "27752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27752"
          },
          {
            "name": "1018985",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018985"
          },
          {
            "name": "ADV-2007-3942",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
        },
        {
          "name": "26509",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26509"
        },
        {
          "name": "ibm-director-cim-dos(38583)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
        },
        {
          "name": "VU#512193",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/512193"
        },
        {
          "name": "27752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27752"
        },
        {
          "name": "1018985",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018985"
        },
        {
          "name": "ADV-2007-3942",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3942"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-5612",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
            },
            {
              "name": "26509",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26509"
            },
            {
              "name": "ibm-director-cim-dos(38583)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
            },
            {
              "name": "VU#512193",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/512193"
            },
            {
              "name": "27752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27752"
            },
            {
              "name": "1018985",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018985"
            },
            {
              "name": "ADV-2007-3942",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3942"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2007-5612",
    "datePublished": "2007-11-21T22:00:00",
    "dateReserved": "2007-10-21T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4681 (GCVE-0-2006-4681)

Vulnerability from cvelistv5 – Published: 2006-09-11 17:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://securitytracker.com/id?1016815 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/3532 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/21802 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19898 vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/2320 exploitx_refsource_EXPLOIT-DB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-director-redirect-directory-traversal(28836)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
          },
          {
            "name": "IC46281",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "1016815",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016815"
          },
          {
            "name": "ADV-2006-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3532"
          },
          {
            "name": "21802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21802"
          },
          {
            "name": "19898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19898"
          },
          {
            "name": "2320",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2320"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ibm-director-redirect-directory-traversal(28836)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
        },
        {
          "name": "IC46281",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "1016815",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016815"
        },
        {
          "name": "ADV-2006-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3532"
        },
        {
          "name": "21802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21802"
        },
        {
          "name": "19898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19898"
        },
        {
          "name": "2320",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2320"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-director-redirect-directory-traversal(28836)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
            },
            {
              "name": "IC46281",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "1016815",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016815"
            },
            {
              "name": "ADV-2006-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3532"
            },
            {
              "name": "21802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21802"
            },
            {
              "name": "19898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19898"
            },
            {
              "name": "2320",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2320"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4681",
    "datePublished": "2006-09-11T17:00:00",
    "dateReserved": "2006-09-11T00:00:00",
    "dateUpdated": "2024-08-07T19:23:41.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4682 (GCVE-0-2006-4682)

Vulnerability from cvelistv5 – Published: 2006-09-11 17:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://www.vupen.com/english/advisories/2006/3532 vdb-entryx_refsource_VUPEN
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://secunia.com/advisories/21802 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19915 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IC46730",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "IC46959",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "ADV-2006-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3532"
          },
          {
            "name": "IC46283",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "21802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21802"
          },
          {
            "name": "19915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "IC46730",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "IC46959",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "ADV-2006-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3532"
        },
        {
          "name": "IC46283",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "21802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21802"
        },
        {
          "name": "19915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IC46730",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "IC46959",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "ADV-2006-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3532"
            },
            {
              "name": "IC46283",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "21802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21802"
            },
            {
              "name": "19915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4682",
    "datePublished": "2006-09-11T17:00:00",
    "dateReserved": "2006-09-11T00:00:00",
    "dateUpdated": "2024-08-07T19:23:41.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4683 (GCVE-0-2006-4683)

Vulnerability from cvelistv5 – Published: 2006-09-11 17:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://www.vupen.com/english/advisories/2006/3532 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/21802 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19915 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:40.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IC47088",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "ADV-2006-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3532"
          },
          {
            "name": "21802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21802"
          },
          {
            "name": "19915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "IC47088",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "ADV-2006-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3532"
        },
        {
          "name": "21802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21802"
        },
        {
          "name": "19915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IC47088",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "ADV-2006-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3532"
            },
            {
              "name": "21802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21802"
            },
            {
              "name": "19915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4683",
    "datePublished": "2006-09-11T17:00:00",
    "dateReserved": "2006-09-11T00:00:00",
    "dateUpdated": "2024-08-07T19:23:40.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-0879 (GCVE-0-2009-0879)

Vulnerability from nvd – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
VLAI?
Summary
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0656",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0656"
          },
          {
            "name": "52615",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52615"
          },
          {
            "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
          },
          {
            "name": "34212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34212"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
          },
          {
            "name": "director-cim-consumer-dos(49285)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
          },
          {
            "name": "1021825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021825"
          },
          {
            "name": "34061",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34061"
          },
          {
            "name": "8190",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8190"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-0656",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0656"
        },
        {
          "name": "52615",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52615"
        },
        {
          "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
        },
        {
          "name": "34212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34212"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
        },
        {
          "name": "director-cim-consumer-dos(49285)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
        },
        {
          "name": "1021825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021825"
        },
        {
          "name": "34061",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34061"
        },
        {
          "name": "8190",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8190"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0879",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0656",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0656"
            },
            {
              "name": "52615",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52615"
            },
            {
              "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
            },
            {
              "name": "34212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34212"
            },
            {
              "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8",
              "refsource": "MISC",
              "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
            },
            {
              "name": "director-cim-consumer-dos(49285)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
            },
            {
              "name": "1021825",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021825"
            },
            {
              "name": "34061",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34061"
            },
            {
              "name": "8190",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8190"
            },
            {
              "name": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0879",
    "datePublished": "2009-03-12T15:00:00",
    "dateReserved": "2009-03-12T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-0880 (GCVE-0-2009-0880)

Vulnerability from nvd – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
VLAI?
Summary
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0656",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0656"
          },
          {
            "name": "52616",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52616"
          },
          {
            "name": "20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
          },
          {
            "name": "34065",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34065"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
          },
          {
            "name": "34212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34212"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
          },
          {
            "name": "director-cim-directory-traversal(49286)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-0656",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0656"
        },
        {
          "name": "52616",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52616"
        },
        {
          "name": "20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
        },
        {
          "name": "34065",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34065"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
        },
        {
          "name": "34212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34212"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
        },
        {
          "name": "director-cim-directory-traversal(49286)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0880",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0656",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0656"
            },
            {
              "name": "52616",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52616"
            },
            {
              "name": "20090310 SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501639/100/0/threaded"
            },
            {
              "name": "34065",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34065"
            },
            {
              "name": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt"
            },
            {
              "name": "34212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34212"
            },
            {
              "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8",
              "refsource": "MISC",
              "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
            },
            {
              "name": "director-cim-directory-traversal(49286)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49286"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0880",
    "datePublished": "2009-03-12T15:00:00",
    "dateReserved": "2009-03-12T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-5612 (GCVE-0-2007-5612)

Vulnerability from nvd – Published: 2007-11-21 22:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.kb.cert.org/vuls/id/MIMG-78YMXE x_refsource_CONFIRM
http://www.securityfocus.com/bid/26509 vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.kb.cert.org/vuls/id/512193 third-party-advisoryx_refsource_CERT-VN
http://secunia.com/advisories/27752 third-party-advisoryx_refsource_SECUNIA
http://securitytracker.com/id?1018985 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2007/3942 vdb-entryx_refsource_VUPEN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
          },
          {
            "name": "26509",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26509"
          },
          {
            "name": "ibm-director-cim-dos(38583)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
          },
          {
            "name": "VU#512193",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/512193"
          },
          {
            "name": "27752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27752"
          },
          {
            "name": "1018985",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018985"
          },
          {
            "name": "ADV-2007-3942",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
        },
        {
          "name": "26509",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26509"
        },
        {
          "name": "ibm-director-cim-dos(38583)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
        },
        {
          "name": "VU#512193",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/512193"
        },
        {
          "name": "27752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27752"
        },
        {
          "name": "1018985",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018985"
        },
        {
          "name": "ADV-2007-3942",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3942"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2007-5612",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE",
              "refsource": "CONFIRM",
              "url": "http://www.kb.cert.org/vuls/id/MIMG-78YMXE"
            },
            {
              "name": "26509",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26509"
            },
            {
              "name": "ibm-director-cim-dos(38583)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38583"
            },
            {
              "name": "VU#512193",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/512193"
            },
            {
              "name": "27752",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27752"
            },
            {
              "name": "1018985",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018985"
            },
            {
              "name": "ADV-2007-3942",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3942"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2007-5612",
    "datePublished": "2007-11-21T22:00:00",
    "dateReserved": "2007-10-21T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4681 (GCVE-0-2006-4681)

Vulnerability from nvd – Published: 2006-09-11 17:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://securitytracker.com/id?1016815 vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/3532 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/21802 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19898 vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/2320 exploitx_refsource_EXPLOIT-DB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.058Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-director-redirect-directory-traversal(28836)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
          },
          {
            "name": "IC46281",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "1016815",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016815"
          },
          {
            "name": "ADV-2006-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3532"
          },
          {
            "name": "21802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21802"
          },
          {
            "name": "19898",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19898"
          },
          {
            "name": "2320",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2320"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-18T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ibm-director-redirect-directory-traversal(28836)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
        },
        {
          "name": "IC46281",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "1016815",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016815"
        },
        {
          "name": "ADV-2006-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3532"
        },
        {
          "name": "21802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21802"
        },
        {
          "name": "19898",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19898"
        },
        {
          "name": "2320",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2320"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-director-redirect-directory-traversal(28836)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28836"
            },
            {
              "name": "IC46281",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "1016815",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016815"
            },
            {
              "name": "ADV-2006-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3532"
            },
            {
              "name": "21802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21802"
            },
            {
              "name": "19898",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19898"
            },
            {
              "name": "2320",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2320"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4681",
    "datePublished": "2006-09-11T17:00:00",
    "dateReserved": "2006-09-11T00:00:00",
    "dateUpdated": "2024-08-07T19:23:41.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4682 (GCVE-0-2006-4682)

Vulnerability from nvd – Published: 2006-09-11 17:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://www.vupen.com/english/advisories/2006/3532 vdb-entryx_refsource_VUPEN
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://secunia.com/advisories/21802 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19915 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IC46730",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "IC46959",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "ADV-2006-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3532"
          },
          {
            "name": "IC46283",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "21802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21802"
          },
          {
            "name": "19915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "IC46730",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "IC46959",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "ADV-2006-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3532"
        },
        {
          "name": "IC46283",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "21802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21802"
        },
        {
          "name": "19915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IC46730",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "IC46959",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "ADV-2006-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3532"
            },
            {
              "name": "IC46283",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "21802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21802"
            },
            {
              "name": "19915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4682",
    "datePublished": "2006-09-11T17:00:00",
    "dateReserved": "2006-09-11T00:00:00",
    "dateUpdated": "2024-08-07T19:23:41.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4683 (GCVE-0-2006-4683)

Vulnerability from nvd – Published: 2006-09-11 17:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_p… vendor-advisoryx_refsource_AIXAPAR
http://www.vupen.com/english/advisories/2006/3532 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/21802 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/19915 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:40.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "IC47088",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
          },
          {
            "name": "ADV-2006-3532",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3532"
          },
          {
            "name": "21802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21802"
          },
          {
            "name": "19915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "IC47088",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
        },
        {
          "name": "ADV-2006-3532",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3532"
        },
        {
          "name": "21802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21802"
        },
        {
          "name": "19915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IC47088",
              "refsource": "AIXAPAR",
              "url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/dir5.10_docs_relnotes.pdf"
            },
            {
              "name": "ADV-2006-3532",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3532"
            },
            {
              "name": "21802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21802"
            },
            {
              "name": "19915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4683",
    "datePublished": "2006-09-11T17:00:00",
    "dateReserved": "2006-09-11T00:00:00",
    "dateUpdated": "2024-08-07T19:23:40.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}