Vulnerability-Lookup

CVE-2008-0389 (GCVE-0-2008-0389)

Vulnerability from cvelistv5 – Published: 2008-01-23 01:00 – Updated: 2024-08-07 07:46

Summary

Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2008/1133	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/29687	third-party-advisoryx_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	vendor-advisoryx_refsource_AIXAPAR
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0219	vdb-entryx_refsource_VUPEN
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securitytracker.com/id?1019894	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id?1019251	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/28576	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/27371	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-1133",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1133"
          },
          {
            "name": "29687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29687"
          },
          {
            "name": "PK52059",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
          },
          {
            "name": "ADV-2008-0219",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
          },
          {
            "name": "websphere-serveservlets-unspecified(39808)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
          },
          {
            "name": "1019894",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019894"
          },
          {
            "name": "1019251",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019251"
          },
          {
            "name": "28576",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28576"
          },
          {
            "name": "27371",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27371"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-1133",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1133"
        },
        {
          "name": "29687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29687"
        },
        {
          "name": "PK52059",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
        },
        {
          "name": "ADV-2008-0219",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
        },
        {
          "name": "websphere-serveservlets-unspecified(39808)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
        },
        {
          "name": "1019894",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019894"
        },
        {
          "name": "1019251",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019251"
        },
        {
          "name": "28576",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28576"
        },
        {
          "name": "27371",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27371"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0389",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-1133",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1133"
            },
            {
              "name": "29687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29687"
            },
            {
              "name": "PK52059",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
            },
            {
              "name": "ADV-2008-0219",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0219"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
            },
            {
              "name": "websphere-serveservlets-unspecified(39808)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
            },
            {
              "name": "1019894",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019894"
            },
            {
              "name": "1019251",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019251"
            },
            {
              "name": "28576",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28576"
            },
            {
              "name": "27371",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27371"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0389",
    "datePublished": "2008-01-23T01:00:00",
    "dateReserved": "2008-01-22T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1.1.17\", \"matchCriteriaId\": \"1E42B3D6-7400-45D1-82D6-C187B5E50789\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31419896-89F7-43A2-8B7C-3B92744BBC46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDA0FE3E-2FB7-415D-BC64-4B5157EABB21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"559355CF-7FA8-4D90-8393-90C912F571C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"355967D9-475A-49AF-A3FF-E0AC3668B289\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBE79CF3-16A3-40FB-BD7D-5D70DEB0EE09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC04CE9C-82B4-4406-823A-69A5E13ECA49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F6A5B3A-E57D-4574-A481-7EDA93664076\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"425890C2-FC96-4191-B512-6A3DB7BCE2D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BABB4A4-182D-4FB1-88AD-B6D6EDAE10C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF8ED4D-D2B6-49EC-930A-16A78E729F17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D8219D5-94D7-4E1B-BFA9-EF786FFD2C3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F8AFDEA-237C-40CA-AFC1-ED8D212FF867\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F215B48-7ED5-45EB-BD26-3D3EAD01506F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C47D1C56-238B-414B-B2D2-D7069E42D001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"625B5901-B0AF-4D00-BC56-525A6F72943D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01F45BA3-6504-47AF-B757-7B6D3526FBF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE27E903-6D65-4D29-9583-43FB4CB473B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"714C405D-1E8F-45C1-8A09-5103F0080C76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:fp17:*:*:*:*:*\", \"matchCriteriaId\": \"D592217D-3489-40AE-8338-BF5AA5BBA251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7F31FD3-8681-4F07-9644-5CC87D512520\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"458BAD79-958E-4665-B1F8-0D46E0C57045\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC1A723F-D685-4FE5-8938-5682A2D02155\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9643B593-DADF-4F57-B41E-541C7F554A4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"521DB050-3C94-49BF-8666-6EC2C358AA27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB4AB6BD-4439-4100-A3CE-4600AED10B65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"375DF4AF-3C7C-47C3-BBB8-AF2B3827AC13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F200042C-D45E-4CAD-BF6E-E3DADF4D1D21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4421929D-C4B9-43C5-BE61-E68484D3B198\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB622117-C91F-47D2-9832-B7DB340796E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D65E0CC-FA8C-41FD-B256-47DB0C9757FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D87691D-0719-4447-B258-5FA2BD10F11A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B9CDD56-921C-4FAF-87E2-14B91EC1A93D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FFCD0A1-64B4-4AE7-8161-D8A71F9D6904\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C086B402-55AC-4913-A929-380EBC438988\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4FC14C3-5BFF-4F56-BBD2-3219E7151BF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40D5CB7D-BD01-4EF3-AF8B-100C200A4C23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"736A02C8-784F-4CEE-BACF-C5C37E8930C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"200B6A88-EFBD-4935-9596-D8EF3BC24D32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20131F92-09B2-41D8-B5D9-38EFE6883EC0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad no especificada en la funci\\u00f3n serveServletsByClassnameEnabled en IBM WebSphere Application Server (WAS) versiones 6.0 hasta 6.0.2.25, versiones 6.1 hasta 6.1.0.14 y versiones 5.1.1.x anteriores a 5.1.1.18, presenta un impacto desconocido y vectores de ataque.\"}]",
      "id": "CVE-2008-0389",
      "lastModified": "2024-11-21T00:41:58.467",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-01-23T02:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28576\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29687\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27371\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019251\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019894\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0219\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1133\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39808\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28576\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27371\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securitytracker.com/id?1019251\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019894\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1133\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39808\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0389\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-23T02:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad no especificada en la funci\u00f3n serveServletsByClassnameEnabled en IBM WebSphere Application Server (WAS) versiones 6.0 hasta 6.0.2.25, versiones 6.1 hasta 6.1.0.14 y versiones 5.1.1.x anteriores a 5.1.1.18, presenta un impacto desconocido y vectores de ataque.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.1.17\",\"matchCriteriaId\":\"1E42B3D6-7400-45D1-82D6-C187B5E50789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31419896-89F7-43A2-8B7C-3B92744BBC46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA0FE3E-2FB7-415D-BC64-4B5157EABB21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"559355CF-7FA8-4D90-8393-90C912F571C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"355967D9-475A-49AF-A3FF-E0AC3668B289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBE79CF3-16A3-40FB-BD7D-5D70DEB0EE09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC04CE9C-82B4-4406-823A-69A5E13ECA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F6A5B3A-E57D-4574-A481-7EDA93664076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"425890C2-FC96-4191-B512-6A3DB7BCE2D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BABB4A4-182D-4FB1-88AD-B6D6EDAE10C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF8ED4D-D2B6-49EC-930A-16A78E729F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D8219D5-94D7-4E1B-BFA9-EF786FFD2C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F8AFDEA-237C-40CA-AFC1-ED8D212FF867\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F215B48-7ED5-45EB-BD26-3D3EAD01506F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47D1C56-238B-414B-B2D2-D7069E42D001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"625B5901-B0AF-4D00-BC56-525A6F72943D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01F45BA3-6504-47AF-B757-7B6D3526FBF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE27E903-6D65-4D29-9583-43FB4CB473B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"714C405D-1E8F-45C1-8A09-5103F0080C76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:fp17:*:*:*:*:*\",\"matchCriteriaId\":\"D592217D-3489-40AE-8338-BF5AA5BBA251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7F31FD3-8681-4F07-9644-5CC87D512520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"458BAD79-958E-4665-B1F8-0D46E0C57045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC1A723F-D685-4FE5-8938-5682A2D02155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9643B593-DADF-4F57-B41E-541C7F554A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"521DB050-3C94-49BF-8666-6EC2C358AA27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB4AB6BD-4439-4100-A3CE-4600AED10B65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"375DF4AF-3C7C-47C3-BBB8-AF2B3827AC13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F200042C-D45E-4CAD-BF6E-E3DADF4D1D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4421929D-C4B9-43C5-BE61-E68484D3B198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB622117-C91F-47D2-9832-B7DB340796E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D65E0CC-FA8C-41FD-B256-47DB0C9757FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D87691D-0719-4447-B258-5FA2BD10F11A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B9CDD56-921C-4FAF-87E2-14B91EC1A93D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FFCD0A1-64B4-4AE7-8161-D8A71F9D6904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C086B402-55AC-4913-A929-380EBC438988\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4FC14C3-5BFF-4F56-BBD2-3219E7151BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40D5CB7D-BD01-4EF3-AF8B-100C200A4C23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"736A02C8-784F-4CEE-BACF-C5C37E8930C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200B6A88-EFBD-4935-9596-D8EF3BC24D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20131F92-09B2-41D8-B5D9-38EFE6883EC0\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28576\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29687\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27371\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019251\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019894\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0219\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1133\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39808\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1019251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-2334-74RR-746W

Vulnerability from github – Published: 2022-05-01 23:29 – Updated: 2022-05-01 23:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0389"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-23T02:00:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.",
  "id": "GHSA-2334-74rr-746w",
  "modified": "2022-05-01T23:29:49Z",
  "published": "2022-05-01T23:29:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0389"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28576"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29687"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27371"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019251"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019894"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0219"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1133"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2008-AVI-035

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été découvertes dans des produits IBM. L'exploitation de ces vulnérabilités permet de provoquer un déni de service ou d'effectuer des actions malveillantes sur le système de fichiers de la machine cible.

Description

Plusieurs vulnérabilités ont été découvertes dans des produits IBM :

une vulnérabilité dans l'applicatif IBM Tivoli Provisioning Manager for OS Deployment permet à un utilisateur malintentionné d'effectuer un déni de service depuis le réseau local ;
une vulnérabilité dans l'applicatif IBM Tivoli Business Service Manager permet de récupérer des mots de passes stockés en clair ;
une vulnérabilité dans l'applicatif IBM Websphere Business Modeler permet à un utilisateur légitime malintentionné d'effacer des données importantes ne lui appartenant pas.
D'autres vulnérabilités dont l'impact n'a pas été spécifié par IBM ont été découvertes dans IBM Websphere Application Server.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli	IBM Tivoli Provisioning Manager for OS Deployment 5.x ;
IBM	Tivoli	IBM Tivoli Business Service Manager 4.x ;
IBM	WebSphere	IBM Websphere Business Modeler 6.x ;
IBM	WebSphere	IBM Websphere Application Server 6.0.X.

References

Title

Publication Time

Tags

Mises à jour de sécurité IBM	None	vendor-advisory
Bulletin de sécurité IBM swg24017939 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018061 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018060 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg27006876 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018010 du 23 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Provisioning Manager for OS Deployment 5.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Business Service Manager 4.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Business Modeler 6.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Application Server 6.0.X.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM :\n\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Provisioning Manager\n    for OS Deployment permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027effectuer\n    un d\u00e9ni de service depuis le r\u00e9seau local ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Business Service\n    Manager permet de r\u00e9cup\u00e9rer des mots de passes stock\u00e9s en clair ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Websphere Business Modeler\n    permet \u00e0 un utilisateur l\u00e9gitime malintentionn\u00e9 d\u0027effacer des\n    donn\u00e9es importantes ne lui appartenant pas.\n-   D\u0027autres vuln\u00e9rabilit\u00e9s dont l\u0027impact n\u0027a pas \u00e9t\u00e9 sp\u00e9cifi\u00e9 par IBM\n    ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere Application Server.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0389"
    },
    {
      "name": "CVE-2008-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0401"
    },
    {
      "name": "CVE-2008-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24017939 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017939"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018061 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018060 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27006876 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018010 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    }
  ],
  "reference": "CERTA-2008-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de provoquer un d\u00e9ni de\nservice ou d\u0027effectuer des actions malveillantes sur le syst\u00e8me de\nfichiers de la machine cible.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 IBM",
      "url": null
    }
  ]
}

CERTA-2008-AVI-035

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été découvertes dans des produits IBM :

une vulnérabilité dans l'applicatif IBM Tivoli Provisioning Manager for OS Deployment permet à un utilisateur malintentionné d'effectuer un déni de service depuis le réseau local ;
une vulnérabilité dans l'applicatif IBM Tivoli Business Service Manager permet de récupérer des mots de passes stockés en clair ;
une vulnérabilité dans l'applicatif IBM Websphere Business Modeler permet à un utilisateur légitime malintentionné d'effacer des données importantes ne lui appartenant pas.
D'autres vulnérabilités dont l'impact n'a pas été spécifié par IBM ont été découvertes dans IBM Websphere Application Server.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli	IBM Tivoli Provisioning Manager for OS Deployment 5.x ;
IBM	Tivoli	IBM Tivoli Business Service Manager 4.x ;
IBM	WebSphere	IBM Websphere Business Modeler 6.x ;
IBM	WebSphere	IBM Websphere Application Server 6.0.X.

References

Title

Publication Time

Tags

Mises à jour de sécurité IBM	None	vendor-advisory
Bulletin de sécurité IBM swg24017939 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018061 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018060 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg27006876 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018010 du 23 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Provisioning Manager for OS Deployment 5.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Business Service Manager 4.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Business Modeler 6.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Application Server 6.0.X.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM :\n\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Provisioning Manager\n    for OS Deployment permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027effectuer\n    un d\u00e9ni de service depuis le r\u00e9seau local ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Business Service\n    Manager permet de r\u00e9cup\u00e9rer des mots de passes stock\u00e9s en clair ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Websphere Business Modeler\n    permet \u00e0 un utilisateur l\u00e9gitime malintentionn\u00e9 d\u0027effacer des\n    donn\u00e9es importantes ne lui appartenant pas.\n-   D\u0027autres vuln\u00e9rabilit\u00e9s dont l\u0027impact n\u0027a pas \u00e9t\u00e9 sp\u00e9cifi\u00e9 par IBM\n    ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere Application Server.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0389"
    },
    {
      "name": "CVE-2008-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0401"
    },
    {
      "name": "CVE-2008-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24017939 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017939"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018061 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018060 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27006876 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018010 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    }
  ],
  "reference": "CERTA-2008-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de provoquer un d\u00e9ni de\nservice ou d\u0027effectuer des actions malveillantes sur le syst\u00e8me de\nfichiers de la machine cible.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 IBM",
      "url": null
    }
  ]
}

FKIE_CVE-2008-0389

Vulnerability from fkie_nvd - Published: 2008-01-23 02:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28576	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29687	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg24018067
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg24018067
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118
cve@mitre.org	http://www.securityfocus.com/bid/27371	Patch
cve@mitre.org	http://www.securitytracker.com/id?1019251
cve@mitre.org	http://www.securitytracker.com/id?1019894
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0219	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1133	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39808
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28576	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29687	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg24018067
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg24018067
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27371	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019251
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019894
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0219	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1133	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39808

Impacted products

Vendor	Product	Version
ibm	websphere_application_server	*
ibm	websphere_application_server	5.1.1
ibm	websphere_application_server	5.1.1.1
ibm	websphere_application_server	5.1.1.2
ibm	websphere_application_server	5.1.1.3
ibm	websphere_application_server	5.1.1.4
ibm	websphere_application_server	5.1.1.5
ibm	websphere_application_server	5.1.1.6
ibm	websphere_application_server	5.1.1.7
ibm	websphere_application_server	5.1.1.8
ibm	websphere_application_server	5.1.1.9
ibm	websphere_application_server	5.1.1.10
ibm	websphere_application_server	5.1.1.12
ibm	websphere_application_server	5.1.1.14
ibm	websphere_application_server	5.1.1.15
ibm	websphere_application_server	5.1.1.16
ibm	websphere_application_server	6.0
ibm	websphere_application_server	6.0.1
ibm	websphere_application_server	6.0.2
ibm	websphere_application_server	6.0.2
ibm	websphere_application_server	6.0.2.1
ibm	websphere_application_server	6.0.2.3
ibm	websphere_application_server	6.0.2.5
ibm	websphere_application_server	6.0.2.7
ibm	websphere_application_server	6.0.2.9
ibm	websphere_application_server	6.0.2.11
ibm	websphere_application_server	6.0.2.13
ibm	websphere_application_server	6.0.2.19
ibm	websphere_application_server	6.0.2.22
ibm	websphere_application_server	6.0.2.23
ibm	websphere_application_server	6.0.2.24
ibm	websphere_application_server	6.0.2.25
ibm	websphere_application_server	6.1
ibm	websphere_application_server	6.1.1
ibm	websphere_application_server	6.1.3
ibm	websphere_application_server	6.1.5
ibm	websphere_application_server	6.1.6
ibm	websphere_application_server	6.1.7
ibm	websphere_application_server	6.1.13
ibm	websphere_application_server	6.1.14

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E42B3D6-7400-45D1-82D6-C187B5E50789",
              "versionEndIncluding": "5.1.1.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31419896-89F7-43A2-8B7C-3B92744BBC46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDA0FE3E-2FB7-415D-BC64-4B5157EABB21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "559355CF-7FA8-4D90-8393-90C912F571C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "355967D9-475A-49AF-A3FF-E0AC3668B289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE79CF3-16A3-40FB-BD7D-5D70DEB0EE09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC04CE9C-82B4-4406-823A-69A5E13ECA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F6A5B3A-E57D-4574-A481-7EDA93664076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "425890C2-FC96-4191-B512-6A3DB7BCE2D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BABB4A4-182D-4FB1-88AD-B6D6EDAE10C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF8ED4D-D2B6-49EC-930A-16A78E729F17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D8219D5-94D7-4E1B-BFA9-EF786FFD2C3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F8AFDEA-237C-40CA-AFC1-ED8D212FF867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F215B48-7ED5-45EB-BD26-3D3EAD01506F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47D1C56-238B-414B-B2D2-D7069E42D001",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "625B5901-B0AF-4D00-BC56-525A6F72943D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01F45BA3-6504-47AF-B757-7B6D3526FBF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE27E903-6D65-4D29-9583-43FB4CB473B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:fp17:*:*:*:*:*",
              "matchCriteriaId": "D592217D-3489-40AE-8338-BF5AA5BBA251",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F31FD3-8681-4F07-9644-5CC87D512520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "458BAD79-958E-4665-B1F8-0D46E0C57045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC1A723F-D685-4FE5-8938-5682A2D02155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9643B593-DADF-4F57-B41E-541C7F554A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "521DB050-3C94-49BF-8666-6EC2C358AA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4AB6BD-4439-4100-A3CE-4600AED10B65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "375DF4AF-3C7C-47C3-BBB8-AF2B3827AC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "F200042C-D45E-4CAD-BF6E-E3DADF4D1D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4421929D-C4B9-43C5-BE61-E68484D3B198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB622117-C91F-47D2-9832-B7DB340796E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D65E0CC-FA8C-41FD-B256-47DB0C9757FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D87691D-0719-4447-B258-5FA2BD10F11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B9CDD56-921C-4FAF-87E2-14B91EC1A93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FFCD0A1-64B4-4AE7-8161-D8A71F9D6904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C086B402-55AC-4913-A929-380EBC438988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4FC14C3-5BFF-4F56-BBD2-3219E7151BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D5CB7D-BD01-4EF3-AF8B-100C200A4C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "736A02C8-784F-4CEE-BACF-C5C37E8930C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "200B6A88-EFBD-4935-9596-D8EF3BC24D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "20131F92-09B2-41D8-B5D9-38EFE6883EC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en la funci\u00f3n serveServletsByClassnameEnabled en IBM WebSphere Application Server (WAS) versiones 6.0 hasta 6.0.2.25, versiones 6.1 hasta 6.1.0.14 y versiones 5.1.1.x anteriores a 5.1.1.18, presenta un impacto desconocido y vectores de ataque."
    }
  ],
  "id": "CVE-2008-0389",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-23T02:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28576"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27371"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019251"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019894"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0219"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1133"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/27371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-0389

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0389

Aliases

CVE-2008-0389

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0389",
    "description": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.",
    "id": "GSD-2008-0389"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0389"
      ],
      "details": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.",
      "id": "GSD-2008-0389",
      "modified": "2023-12-13T01:22:58.402456Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0389",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-1133",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1133"
          },
          {
            "name": "29687",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29687"
          },
          {
            "name": "PK52059",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
          },
          {
            "name": "ADV-2008-0219",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0219"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
          },
          {
            "name": "websphere-serveservlets-unspecified(39808)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
          },
          {
            "name": "1019894",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019894"
          },
          {
            "name": "1019251",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019251"
          },
          {
            "name": "28576",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28576"
          },
          {
            "name": "27371",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27371"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:fp17:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.1.17",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0389"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27371",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/27371"
            },
            {
              "name": "28576",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28576"
            },
            {
              "name": "1019251",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019251"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118"
            },
            {
              "name": "29687",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29687"
            },
            {
              "name": "1019894",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019894"
            },
            {
              "name": "ADV-2008-1133",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1133"
            },
            {
              "name": "ADV-2008-0219",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0219"
            },
            {
              "name": "PK52059",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018067"
            },
            {
              "name": "websphere-serveservlets-unspecified(39808)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39808"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-01-23T02:00Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0389 (GCVE-0-2008-0389)

GHSA-2334-74RR-746W

CERTA-2008-AVI-035

Description

Solution

CERTA-2008-AVI-035

Description

Solution

FKIE_CVE-2008-0389

GSD-2008-0389

Tags

Sightings

Nomenclature