

IBM Tivoli Provisioning Manager for OS Deployment DoS
Published: 11.04.2007
Source:
SecurityVulns ID: 7566
Type: remote
Threat Level: 5/10
Description: Invalid handling of HTTP POST multipart/form-data requests to 8080/tcp or 443/tcp ports.
Affected: IBM: Tivoli Provisioning Manager for OS Deployment 5.1
CVE: CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod