FKIE_CVE-2009-0879

Vulnerability from fkie_nvd - Published: 2009-03-12 15:20 - Updated: 2025-04-09 00:30
Severity ?
Summary
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
References
cve@mitre.orghttp://osvdb.org/52615
cve@mitre.orghttp://secunia.com/advisories/34212Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1021825Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/501638/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/34061
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0656Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/49285
cve@mitre.orghttps://www.exploit-db.com/exploits/8190
cve@mitre.orghttps://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txtExploit
cve@mitre.orghttps://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/52615
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34212Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1021825Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/501638/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34061
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0656Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/49285
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/8190
af854a3a-2127-422b-91ae-364da2661108https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txtExploit
af854a3a-2127-422b-91ae-364da2661108https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp&S_PKG=director_x_520&S_TACT=sms&lang=en_US&cp=UTF-8Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm director *
ibm director 3.1.1
ibm director 4.10
ibm director 4.11
ibm director 4.12
ibm director 4.20
ibm director 4.21
ibm director 4.22
ibm director 5.10.0
ibm director 5.10.1
ibm director 5.10.2
ibm director 5.10.3
ibm director 5.20.0
ibm director 5.20.1
ibm director 5.20.2
microsoft windows *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:director:*:service_update_1:*:*:*:*:*:*",
              "matchCriteriaId": "D525C638-4015-4E45-9A82-1CABAC1DCC54",
              "versionEndIncluding": "5.20.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D18E2470-6359-4E0C-83E7-880FA6EC8520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "622C9C51-0EB7-449F-96F0-07BC976CADDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2A9EE4-B5EA-451E-9A50-0BB901A7BD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D211F7-9F61-4E93-8C5E-596B782E0BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5EE0669-1042-4580-8883-793C2F4272C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C5D77E-60BC-406F-86F6-2F1F0C9C8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:4.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60AE021-6483-4075-B0F5-4DBF49F5332A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA0F5AD-D17D-492B-B463-52C40BA0B03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD25392-1D9D-47C9-BAE3-7C2B24663A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D5A503-C92F-4EB9-8B5F-F59A1C6FAB76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "824785BD-CA6D-4FDB-ADB3-428360D2F624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCA51AD-90E3-4DC5-BA4A-95A8B55C2DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B3F58B-3D5C-4B3D-BA72-050270D741AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:director:5.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA69558A-697A-4FEC-A8EA-7E71DF9C4764",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI."
    },
    {
      "lang": "es",
      "value": "El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de un nombre largo \"consumer\", como se ha demostrado en una petici\u00f3n M-POST a una URI larga /CIMListener/."
    }
  ],
  "id": "CVE-2009-0879",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-12T15:20:49.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/52615"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1021825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/34061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/8190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/52615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1021825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501638/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/8190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www14.software.ibm.com/webapp/iwm/web/reg/download.do?source=dmp\u0026S_PKG=director_x_520\u0026S_TACT=sms\u0026lang=en_US\u0026cp=UTF-8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.