cvelistv5 - cve-2008-0401

CVE-2008-0401 (GCVE-0-2008-0401)

Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46

Summary

Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2008/0239	vdb-entryx_refsource_VUPEN
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	http://secunia.com/advisories/28604	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1019249	vdb-entryx_refsource_SECTRACK
	http://www.kb.cert.org/vuls/id/158609	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/27387	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-0239",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0239"
          },
          {
            "name": "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
          },
          {
            "name": "tivoli-provisioning-http-unspecified(39819)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
          },
          {
            "name": "28604",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28604"
          },
          {
            "name": "1019249",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019249"
          },
          {
            "name": "VU#158609",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/158609"
          },
          {
            "name": "27387",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27387"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-0239",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0239"
        },
        {
          "name": "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
        },
        {
          "name": "tivoli-provisioning-http-unspecified(39819)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
        },
        {
          "name": "28604",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28604"
        },
        {
          "name": "1019249",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019249"
        },
        {
          "name": "VU#158609",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/158609"
        },
        {
          "name": "27387",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27387"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0401",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-0239",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0239"
            },
            {
              "name": "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
            },
            {
              "name": "tivoli-provisioning-http-unspecified(39819)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
            },
            {
              "name": "28604",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28604"
            },
            {
              "name": "1019249",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019249"
            },
            {
              "name": "VU#158609",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/158609"
            },
            {
              "name": "27387",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27387"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0401",
    "datePublished": "2008-01-23T11:00:00",
    "dateReserved": "2008-01-22T00:00:00",
    "dateUpdated": "2024-08-07T07:46:54.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:tivoli_provisioning_manager_os_deployment:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1.0.2\", \"matchCriteriaId\": \"A3C1B6FC-DD04-4D5F-8C93-8A9A65878FF8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento del b\\u00fafer en la funcionalidad de inicio de sesi\\u00f3n del servidor HTTP en IBM Tivoli Provisioning Manager para OS Deployment (TPMfOSD) versiones anteriores a 5.1.0.3 Interim Fix 3, permite a atacantes remotos causar una denegaci\\u00f3n de servicio (bloqueo del demonio) o posiblemente ejecutar c\\u00f3digo arbitrario por medio de una petici\\u00f3n HTTP con una cadena de m\\u00e9todo larga hacia el puerto 443/tcp.\"}]",
      "id": "CVE-2008-0401",
      "lastModified": "2024-11-21T00:42:00.240",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-01-23T12:00:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28604\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018010\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/158609\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/27387\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019249\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0239\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39819\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24018010\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/158609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/27387\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39819\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0401\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-01-23T12:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento del b\u00fafer en la funcionalidad de inicio de sesi\u00f3n del servidor HTTP en IBM Tivoli Provisioning Manager para OS Deployment (TPMfOSD) versiones anteriores a 5.1.0.3 Interim Fix 3, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) o posiblemente ejecutar c\u00f3digo arbitrario por medio de una petici\u00f3n HTTP con una cadena de m\u00e9todo larga hacia el puerto 443/tcp.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:tivoli_provisioning_manager_os_deployment:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.0.2\",\"matchCriteriaId\":\"A3C1B6FC-DD04-4D5F-8C93-8A9A65878FF8\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28604\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018010\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/158609\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/27387\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019249\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0239\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39819\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24018010\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/158609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/27387\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-035

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été découvertes dans des produits IBM. L'exploitation de ces vulnérabilités permet de provoquer un déni de service ou d'effectuer des actions malveillantes sur le système de fichiers de la machine cible.

Description

Plusieurs vulnérabilités ont été découvertes dans des produits IBM :

une vulnérabilité dans l'applicatif IBM Tivoli Provisioning Manager for OS Deployment permet à un utilisateur malintentionné d'effectuer un déni de service depuis le réseau local ;
une vulnérabilité dans l'applicatif IBM Tivoli Business Service Manager permet de récupérer des mots de passes stockés en clair ;
une vulnérabilité dans l'applicatif IBM Websphere Business Modeler permet à un utilisateur légitime malintentionné d'effacer des données importantes ne lui appartenant pas.
D'autres vulnérabilités dont l'impact n'a pas été spécifié par IBM ont été découvertes dans IBM Websphere Application Server.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli	IBM Tivoli Provisioning Manager for OS Deployment 5.x ;
IBM	Tivoli	IBM Tivoli Business Service Manager 4.x ;
IBM	WebSphere	IBM Websphere Business Modeler 6.x ;
IBM	WebSphere	IBM Websphere Application Server 6.0.X.

References

Title

Publication Time

Tags

Mises à jour de sécurité IBM	None	vendor-advisory
Bulletin de sécurité IBM swg24017939 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018061 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018060 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg27006876 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018010 du 23 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Provisioning Manager for OS Deployment 5.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Business Service Manager 4.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Business Modeler 6.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Application Server 6.0.X.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM :\n\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Provisioning Manager\n    for OS Deployment permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027effectuer\n    un d\u00e9ni de service depuis le r\u00e9seau local ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Business Service\n    Manager permet de r\u00e9cup\u00e9rer des mots de passes stock\u00e9s en clair ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Websphere Business Modeler\n    permet \u00e0 un utilisateur l\u00e9gitime malintentionn\u00e9 d\u0027effacer des\n    donn\u00e9es importantes ne lui appartenant pas.\n-   D\u0027autres vuln\u00e9rabilit\u00e9s dont l\u0027impact n\u0027a pas \u00e9t\u00e9 sp\u00e9cifi\u00e9 par IBM\n    ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere Application Server.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0389"
    },
    {
      "name": "CVE-2008-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0401"
    },
    {
      "name": "CVE-2008-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24017939 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017939"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018061 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018060 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27006876 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018010 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    }
  ],
  "reference": "CERTA-2008-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de provoquer un d\u00e9ni de\nservice ou d\u0027effectuer des actions malveillantes sur le syst\u00e8me de\nfichiers de la machine cible.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 IBM",
      "url": null
    }
  ]
}

CERTA-2008-AVI-035

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités ont été découvertes dans des produits IBM :

une vulnérabilité dans l'applicatif IBM Tivoli Provisioning Manager for OS Deployment permet à un utilisateur malintentionné d'effectuer un déni de service depuis le réseau local ;
une vulnérabilité dans l'applicatif IBM Tivoli Business Service Manager permet de récupérer des mots de passes stockés en clair ;
une vulnérabilité dans l'applicatif IBM Websphere Business Modeler permet à un utilisateur légitime malintentionné d'effacer des données importantes ne lui appartenant pas.
D'autres vulnérabilités dont l'impact n'a pas été spécifié par IBM ont été découvertes dans IBM Websphere Application Server.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Tivoli	IBM Tivoli Provisioning Manager for OS Deployment 5.x ;
IBM	Tivoli	IBM Tivoli Business Service Manager 4.x ;
IBM	WebSphere	IBM Websphere Business Modeler 6.x ;
IBM	WebSphere	IBM Websphere Application Server 6.0.X.

References

Title

Publication Time

Tags

Mises à jour de sécurité IBM	None	vendor-advisory
Bulletin de sécurité IBM swg24017939 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018061 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018060 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg27006876 du 23 janvier 2008 :	-	other
Bulletin de sécurité IBM swg24018010 du 23 janvier 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Tivoli Provisioning Manager for OS Deployment 5.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Business Service Manager 4.x ;",
      "product": {
        "name": "Tivoli",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Business Modeler 6.x ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Websphere Application Server 6.0.X.",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM :\n\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Provisioning Manager\n    for OS Deployment permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027effectuer\n    un d\u00e9ni de service depuis le r\u00e9seau local ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Tivoli Business Service\n    Manager permet de r\u00e9cup\u00e9rer des mots de passes stock\u00e9s en clair ;\n-   une vuln\u00e9rabilit\u00e9 dans l\u0027applicatif IBM Websphere Business Modeler\n    permet \u00e0 un utilisateur l\u00e9gitime malintentionn\u00e9 d\u0027effacer des\n    donn\u00e9es importantes ne lui appartenant pas.\n-   D\u0027autres vuln\u00e9rabilit\u00e9s dont l\u0027impact n\u0027a pas \u00e9t\u00e9 sp\u00e9cifi\u00e9 par IBM\n    ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere Application Server.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0389"
    },
    {
      "name": "CVE-2008-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0401"
    },
    {
      "name": "CVE-2008-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0402"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24017939 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017939"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018061 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018060 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg27006876 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27006876"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg24018010 du 23 janvier 2008 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    }
  ],
  "reference": "CERTA-2008-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans des produits IBM.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de provoquer un d\u00e9ni de\nservice ou d\u0027effectuer des actions malveillantes sur le syst\u00e8me de\nfichiers de la machine cible.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 IBM",
      "url": null
    }
  ]
}

GSD-2008-0401

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0401

Aliases

CVE-2008-0401

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0401",
    "description": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.",
    "id": "GSD-2008-0401"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0401"
      ],
      "details": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.",
      "id": "GSD-2008-0401",
      "modified": "2023-12-13T01:22:58.561390Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0401",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2008-0239",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0239"
          },
          {
            "name": "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
          },
          {
            "name": "tivoli-provisioning-http-unspecified(39819)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
          },
          {
            "name": "28604",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28604"
          },
          {
            "name": "1019249",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019249"
          },
          {
            "name": "VU#158609",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/158609"
          },
          {
            "name": "27387",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27387"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:tivoli_provisioning_manager_os_deployment:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0401"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
            },
            {
              "name": "27387",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27387"
            },
            {
              "name": "1019249",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019249"
            },
            {
              "name": "28604",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28604"
            },
            {
              "name": "20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
            },
            {
              "name": "VU#158609",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/158609"
            },
            {
              "name": "ADV-2008-0239",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0239"
            },
            {
              "name": "tivoli-provisioning-http-unspecified(39819)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-08T01:29Z",
      "publishedDate": "2008-01-23T12:00Z"
    }
  }
}

FKIE_CVE-2008-0401

Vulnerability from fkie_nvd - Published: 2008-01-23 12:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647
cve@mitre.org	http://secunia.com/advisories/28604	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg24018010	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/158609	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/27387
cve@mitre.org	http://www.securitytracker.com/id?1019249
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0239
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39819
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28604	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg24018010	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/158609	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27387
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019249
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0239
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39819

Impacted products

	Vendor	Product	Version
	ibm	tivoli_provisioning_manager_os_deployment	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_provisioning_manager_os_deployment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C1B6FC-DD04-4D5F-8C93-8A9A65878FF8",
              "versionEndIncluding": "5.1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento del b\u00fafer en la funcionalidad de inicio de sesi\u00f3n del servidor HTTP en IBM Tivoli Provisioning Manager para OS Deployment (TPMfOSD) versiones anteriores a 5.1.0.3 Interim Fix 3, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo del demonio) o posiblemente ejecutar c\u00f3digo arbitrario por medio de una petici\u00f3n HTTP con una cadena de m\u00e9todo larga hacia el puerto 443/tcp."
    }
  ],
  "id": "CVE-2008-0401",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-23T12:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28604"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/158609"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27387"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0239"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/158609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QJHJ-MX7W-2R2M

Vulnerability from github – Published: 2022-05-01 23:29 – Updated: 2022-05-01 23:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-01-23T12:00:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.",
  "id": "GHSA-qjhj-mx7w-2r2m",
  "modified": "2022-05-01T23:29:59Z",
  "published": "2022-05-01T23:29:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0401"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39819"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28604"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24018010"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/158609"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27387"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019249"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0401 (GCVE-0-2008-0401)

CERTA-2008-AVI-035

Description

Solution

CERTA-2008-AVI-035

Description

Solution

GSD-2008-0401

FKIE_CVE-2008-0401

GHSA-QJHJ-MX7W-2R2M

Tags

Sightings

Nomenclature