FKIE_CVE-2007-1491

Vulnerability from fkie_nvd - Published: 2007-03-16 22:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
References
cve@mitre.orghttp://secunia.com/advisories/24434Vendor Advisory
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2007-051.htmVendor Advisory
cve@mitre.orghttp://www.osvdb.org/33346
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24434Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2007-051.htmVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/33346
Impacted products
Vendor Product Version
avaya sip_enablement_services *
avaya s8300 *
avaya s8500 *
avaya s8700 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:avaya:sip_enablement_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D0106ED-5E0F-4487-804C-BF3FF4CB985F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8300:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B40402E-D157-4EBB-8412-03DBF1E0F504",
              "versionEndIncluding": "cm_3.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8500:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A48EDE-B603-4404-8C85-9564B0F868F2",
              "versionEndIncluding": "cm_3.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:avaya:s8700:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A858B92B-4B2D-4100-8E9F-F397B5C69A32",
              "versionEndIncluding": "cm_3.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties."
    },
    {
      "lang": "es",
      "value": "Apache Tomcat en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite conexiones de interfaces externas mediante el puerto 8009, que lo expone a ataques de fuentes externas."
    }
  ],
  "id": "CVE-2007-1491",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-16T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/33346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/33346"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.