CVE-2010-1632
https://notcve.org/view.php?id=CVE-2010-1632
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService. Apache Axis2 en versiones anteriores a la 1.5.2, tal como se usa en IBM WebSphere Application Server (WAS) 7.0 a 7.0.0.12, IBM Feature Pack para Web Services 6.1.0.9 a 6.1.0.32, IBM Feature Pack para Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo y otros productos, no rechaza de manera apropiada DTDs en mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elección, enviar peticiones HTTP a servidores de la intranet o provocar una denegación de servicio (consumo de memoria y de CPU) mediante un DTD manipulado, como se ha demostrado por una declaración de entidad en una petición a Synapse SimpleStockQuoteService. • http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://markmail.org/message/e4yiij7lfexastvl http://secunia.com/advisories/40252 http://secunia.com/advisories/40279 http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://www-01.ibm.com/support/docview.wss?uid=swg21433581 http://www-1.ibm.com/support/docview.wss?uid=swg1PM14765 http • CWE-20: Improper Input Validation •
CVE-2010-1347
https://notcve.org/view.php?id=CVE-2010-1347
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts. Director Agent v6.1 anterior a v6.1.2.3 en IBM Systems Director en AIX y Linux utiliza permisos incorrectos para las secuencias de comandos (1) diruninstall and (2) opt/ibm/director/bin/wcitinst, lo cual permite a usuarios locales conseguir privilegios mediante la ejecución de estas secuencias de comandos. • http://osvdb.org/63595 http://secunia.com/advisories/39194 http://www-01.ibm.com/support/docview.wss?uid=isg1PM08236 http://www.securityfocus.com/bid/39305 http://www.securitytracker.com/id?1023831 http://www.vupen.com/english/advisories/2010/0830 https://exchange.xforce.ibmcloud.com/vulnerabilities/57611 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-0879 – IBM Director 5.20.3su2 CIM Server - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0879
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. El servidor CIM en IBM Director anterior a v5.20.3 Service Update 2 sobre Windows permite a los atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un nombre largo "consumer", como se ha demostrado en una petición M-POST a una URI larga /CIMListener/. • https://www.exploit-db.com/exploits/8190 http://osvdb.org/52615 http://secunia.com/advisories/34212 http://securitytracker.com/id?1021825 http://www.securityfocus.com/archive/1/501638/100/0/threaded http://www.securityfocus.com/bid/34061 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49285 https://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt https://www14.software.ibm.com/webapp/iwm/web/reg/download.do • CWE-20: Improper Input Validation •
CVE-2009-0880 – IBM System Director Agent 5.20 - CIM Server Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-0880
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. Vulnerabilidad de salto de directorio en el servidor CIM en IBM Director anteriores v5.20.3 Service Update 2 en Windows que permite a los atacantes remotos cargar y ejecutar arbitrariamente código DLL local a través .. (punto punto) en un /CIMListener/ URI en una petición M-POST. By sending a specially crafted request to a vulnerable IBM System Director sever, an attacker can force it to load a DLL remotely from a WebDAV share. • https://www.exploit-db.com/exploits/32845 https://www.exploit-db.com/exploits/23074 https://www.exploit-db.com/exploits/23203 http://osvdb.org/52616 http://secunia.com/advisories/34212 http://www.securityfocus.com/archive/1/501639/100/0/threaded http://www.securityfocus.com/bid/34065 http://www.vupen.com/english/advisories/2009/0656 https://exchange.xforce.ibmcloud.com/vulnerabilities/49286 https://www.sec-consult.com/files/20090305-2_IBM_director_privilege_escalation.txt ht • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2007-5612
https://notcve.org/view.php?id=CVE-2007-5612
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections. CIM Server en IBM Director 5.20.1 y anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de CPU, agotamientos de conexiones, y caída del demonio) mediante un número grande de conexiones sin utilizar. • http://secunia.com/advisories/27752 http://securitytracker.com/id?1018985 http://www.kb.cert.org/vuls/id/512193 http://www.kb.cert.org/vuls/id/MIMG-78YMXE http://www.securityfocus.com/bid/26509 http://www.vupen.com/english/advisories/2007/3942 https://exchange.xforce.ibmcloud.com/vulnerabilities/38583 • CWE-399: Resource Management Errors •