cvelistv5 - CVE-2009-0879

CVE-2009-0879 (GCVE-0-2009-0879)

Vulnerability from cvelistv5 – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48

Summary

The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2009/0656	vdb-entryx_refsource_VUPEN
	http://osvdb.org/52615	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/501638/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/34212	third-party-advisoryx_refsource_SECUNIA
	https://www14.software.ibm.com/webapp/iwm/web/reg…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1021825	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/34061	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/8190	exploitx_refsource_EXPLOIT-DB
	https://www.sec-consult.com/files/20090305-1_IBM_…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2009-0656",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0656"
          },
          {
            "name": "52615",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/52615"
          },
          {
            "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
          },
          {
            "name": "34212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34212"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
          },
          {
            "name": "director-cim-consumer-dos(49285)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
          },
          {
            "name": "1021825",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021825"
          },
          {
            "name": "34061",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34061"
          },
          {
            "name": "8190",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8190"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2009-0656",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0656"
        },
        {
          "name": "52615",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/52615"
        },
        {
          "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
        },
        {
          "name": "34212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34212"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
        },
        {
          "name": "director-cim-consumer-dos(49285)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
        },
        {
          "name": "1021825",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021825"
        },
        {
          "name": "34061",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34061"
        },
        {
          "name": "8190",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8190"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0879",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-0656",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0656"
            },
            {
              "name": "52615",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/52615"
            },
            {
              "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
            },
            {
              "name": "34212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34212"
            },
            {
              "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8",
              "refsource": "MISC",
              "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
            },
            {
              "name": "director-cim-consumer-dos(49285)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
            },
            {
              "name": "1021825",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021825"
            },
            {
              "name": "34061",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34061"
            },
            {
              "name": "8190",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8190"
            },
            {
              "name": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt",
              "refsource": "MISC",
              "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0879",
    "datePublished": "2009-03-12T15:00:00",
    "dateReserved": "2009-03-12T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.20.3\", \"matchCriteriaId\": \"D525C638-4015-4E45-9A82-1CABAC1DCC54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D18E2470-6359-4E0C-83E7-880FA6EC8520\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"622C9C51-0EB7-449F-96F0-07BC976CADDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05D211F7-9F61-4E93-8C5E-596B782E0BC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5EE0669-1042-4580-8883-793C2F4272C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92C5D77E-60BC-406F-86F6-2F1F0C9C8E37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E60AE021-6483-4075-B0F5-4DBF49F5332A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AA0F5AD-D17D-492B-B463-52C40BA0B03B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AD25392-1D9D-47C9-BAE3-7C2B24663A20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"824785BD-CA6D-4FDB-ADB3-428360D2F624\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0B3F58B-3D5C-4B3D-BA72-050270D741AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA69558A-697A-4FEC-A8EA-7E71DF9C4764\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.\"}, {\"lang\": \"es\", \"value\": \"El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda del demonio) a trav\\u00e9s de un nombre largo \\\"consumer\\\", como se ha demostrado en una petici\\u00f3n M-POST a una URI larga /CIMListener/.\"}]",
      "id": "CVE-2009-0879",
      "lastModified": "2024-11-21T01:01:08.097",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-03-12T15:20:49.953",
      "references": "[{\"url\": \"http://osvdb.org/52615\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/34212\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021825\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/501638/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/34061\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0656\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49285\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/8190\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/52615\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/34212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1021825\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/501638/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0656\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/49285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/8190\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0879\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-12T15:20:49.953\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.\"},{\"lang\":\"es\",\"value\":\"El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un nombre largo \\\"consumer\\\", como se ha demostrado en una petici\u00f3n M-POST a una URI larga /CIMListener/.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.20.3\",\"matchCriteriaId\":\"D525C638-4015-4E45-9A82-1CABAC1DCC54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D18E2470-6359-4E0C-83E7-880FA6EC8520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"622C9C51-0EB7-449F-96F0-07BC976CADDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05D211F7-9F61-4E93-8C5E-596B782E0BC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5EE0669-1042-4580-8883-793C2F4272C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92C5D77E-60BC-406F-86F6-2F1F0C9C8E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60AE021-6483-4075-B0F5-4DBF49F5332A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA0F5AD-D17D-492B-B463-52C40BA0B03B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AD25392-1D9D-47C9-BAE3-7C2B24663A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"824785BD-CA6D-4FDB-ADB3-428360D2F624\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0B3F58B-3D5C-4B3D-BA72-050270D741AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA69558A-697A-4FEC-A8EA-7E71DF9C4764\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/52615\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/34212\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021825\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501638/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/34061\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0656\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49285\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/8190\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/52615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501638/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0656\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/8190\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-M59H-8962-2RC8

Vulnerability from github – Published: 2022-05-02 03:19 – Updated: 2022-05-02 03:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0879"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-03-12T15:20:00Z",
    "severity": "MODERATE"
  },
  "details": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.",
  "id": "GHSA-m59h-8962-2rc8",
  "modified": "2022-05-02T03:19:02Z",
  "published": "2022-05-02T03:19:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0879"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8190"
    },
    {
      "type": "WEB",
      "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
    },
    {
      "type": "WEB",
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/52615"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1021825"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34061"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-0879

Vulnerability from fkie_nvd - Published: 2009-03-12 15:20 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/52615
cve@mitre.org	http://secunia.com/advisories/34212	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1021825	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/501638/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/34061
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0656	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/49285
cve@mitre.org	https://www.exploit-db.com/exploits/8190
cve@mitre.org	https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt	Exploit
cve@mitre.org	https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/52615
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34212	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1021825	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501638/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34061
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0656	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/49285
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8190
af854a3a-2127-422b-91ae-364da2661108	https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	director	*
ibm	director	3.1.1
ibm	director	4.10
ibm	director	4.11
ibm	director	4.12
ibm	director	4.20
ibm	director	4.21
ibm	director	4.22
ibm	director	5.10.0
ibm	director	5.10.1
ibm	director	5.10.2
ibm	director	5.10.3
ibm	director	5.20.0
ibm	director	5.20.1
ibm	director	5.20.2
microsoft	windows	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "D525C638-4015-4E45-9A82-1CABAC1DCC54",
              "versionEndIncluding": "5.20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18E2470-6359-4E0C-83E7-880FA6EC8520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "622C9C51-0EB7-449F-96F0-07BC976CADDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D211F7-9F61-4E93-8C5E-596B782E0BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5EE0669-1042-4580-8883-793C2F4272C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C5D77E-60BC-406F-86F6-2F1F0C9C8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60AE021-6483-4075-B0F5-4DBF49F5332A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA0F5AD-D17D-492B-B463-52C40BA0B03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD25392-1D9D-47C9-BAE3-7C2B24663A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "824785BD-CA6D-4FDB-ADB3-428360D2F624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B3F58B-3D5C-4B3D-BA72-050270D741AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA69558A-697A-4FEC-A8EA-7E71DF9C4764",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
    },
    {
      "lang": "es",
      "value": "El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un nombre largo \"consumer\", como se ha demostrado en una petici\u00f3n M-POST a una URI larga /CIMListener/."
    }
  ],
  "id": "CVE-2009-0879",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-12T15:20:49.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52615"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1021825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1021825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-0879

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0879

Aliases

CVE-2009-0879

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0879",
    "description": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.",
    "id": "GSD-2009-0879"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0879"
      ],
      "details": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.",
      "id": "GSD-2009-0879",
      "modified": "2023-12-13T01:19:44.917771Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0879",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2009-0656",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0656"
          },
          {
            "name": "52615",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/52615"
          },
          {
            "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
          },
          {
            "name": "34212",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34212"
          },
          {
            "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8",
            "refsource": "MISC",
            "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
          },
          {
            "name": "director-cim-consumer-dos(49285)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
          },
          {
            "name": "1021825",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1021825"
          },
          {
            "name": "34061",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34061"
          },
          {
            "name": "8190",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/8190"
          },
          {
            "name": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt",
            "refsource": "MISC",
            "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.20.3",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0879"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
            },
            {
              "name": "1021825",
              "refsource": "SECTRACK",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://securitytracker.com/id?1021825"
            },
            {
              "name": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
            },
            {
              "name": "34212",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34212"
            },
            {
              "name": "ADV-2009-0656",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0656"
            },
            {
              "name": "52615",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/52615"
            },
            {
              "name": "34061",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34061"
            },
            {
              "name": "director-cim-consumer-dos(49285)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
            },
            {
              "name": "8190",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/8190"
            },
            {
              "name": "20090310 SEC Consult SA-20090305-1 :: IBM Director CIM Server Remote Denial of Service Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:32Z",
      "publishedDate": "2009-03-12T15:20Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0879 (GCVE-0-2009-0879)

GHSA-M59H-8962-2RC8

FKIE_CVE-2009-0879

GSD-2009-0879

Tags

Sightings

Nomenclature