Vulnerabilites related to avaya - sip_enablement_services
cve-2008-2812
Vulnerability from cvelistv5
Published
2008-07-09 00:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:14:14.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SUSE-SA:2008:047", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { name: "DSA-1630", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { name: "ADV-2008-2063", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { name: "SUSE-SA:2008:038", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { name: "USN-637-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/637-1/", }, { name: "SUSE-SA:2008:035", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { name: "[oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { name: "31614", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31614", }, { name: "31685", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31685", }, { name: "31341", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31341", }, { name: "SUSE-SA:2008:052", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { name: "30982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30982", }, { name: "oval:org.mitre.oval:def:11632", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { name: "31551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31551", }, { name: "RHSA-2008:0665", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { name: "32103", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32103", }, { name: "31048", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31048", }, { name: "30076", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30076", }, { name: "32759", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32759", }, { name: "kernel-tty-dos(43687)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { name: "SUSE-SA:2008:037", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { name: "32370", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32370", }, { name: "RHSA-2008:0973", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { name: "RHSA-2008:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { name: "31202", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31202", }, { name: "oval:org.mitre.oval:def:6633", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { name: "SUSE-SA:2008:049", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { name: "SUSE-SR:2008:025", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { name: "33201", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33201", }, { name: "31229", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31229", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-07-02T00:00:00", descriptions: [ { lang: "en", value: "The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-03T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "SUSE-SA:2008:047", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { name: "DSA-1630", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { name: "ADV-2008-2063", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { name: "SUSE-SA:2008:038", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { name: "USN-637-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/637-1/", }, { name: "SUSE-SA:2008:035", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { name: "[oss-security] 20080703 2.6.25.10 security fixes, please assign CVE id", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { name: "31614", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31614", }, { name: "31685", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31685", }, { name: "31341", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31341", }, { name: "SUSE-SA:2008:052", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { name: "30982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30982", }, { name: "oval:org.mitre.oval:def:11632", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { name: "31551", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31551", }, { name: "RHSA-2008:0665", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { name: "32103", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32103", }, { name: "31048", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31048", }, { name: "30076", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30076", }, { name: "32759", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32759", }, { name: "kernel-tty-dos(43687)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { name: "SUSE-SA:2008:037", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { name: "32370", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32370", }, { name: "RHSA-2008:0973", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { name: "RHSA-2008:0612", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { name: "31202", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31202", }, { name: "oval:org.mitre.oval:def:6633", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { name: "SUSE-SA:2008:049", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { name: "SUSE-SR:2008:025", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { name: "33201", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33201", }, { name: "31229", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31229", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-2812", datePublished: "2008-07-09T00:00:00", dateReserved: "2008-06-20T00:00:00", dateUpdated: "2024-08-07T09:14:14.939Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6708
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1943/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30751 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43390 | vdb-entry, x_refsource_XF | |
| http://www.voipshield.com/research-details.php?id=77 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/46604 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:41:59.535Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-parameters-code-execution(43390)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=77", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46604", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46604", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-parameters-code-execution(43390)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=77", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46604", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46604", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6708", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-parameters-code-execution(43390)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { name: "http://www.voipshield.com/research-details.php?id=77", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=77", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "46604", refsource: "OSVDB", url: "http://osvdb.org/46604", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6708", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:41:59.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3778
Vulnerability from cvelistv5
Published
2008-08-25 21:00
Modified
2024-08-07 09:52
Severity ?
EPSS score ?
Summary
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44585 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/30758 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:52:59.274Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "avaya-ses-servers-security-bypass(44585)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30758", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-19T00:00:00", descriptions: [ { lang: "en", value: "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "avaya-ses-servers-security-bypass(44585)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30758", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3778", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "avaya-ses-servers-security-bypass(44585)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { name: "30758", refsource: "BID", url: "http://www.securityfocus.com/bid/30758", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3778", datePublished: "2008-08-25T21:00:00", dateReserved: "2008-08-25T00:00:00", dateUpdated: "2024-08-07T09:52:59.274Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6707
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:42:00.366Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=86", }, { name: "avaya-ses-certificate-info-disclosure(43384)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { name: "46598", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46598", }, { name: "avaya-ses-statesfolder-code-execution(43393)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=88", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=90", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=87", }, { name: "avaya-ses-objectsfolder-code-execution(43381)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46599", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46599", }, { name: "46600", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46600", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=91", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=89", }, { name: "avaya-ses-application-info-disclosure(43394)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { name: "avaya-ses-help-information-disclosure(43395)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { name: "avaya-ses-application-unauth-access(43389)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=86", }, { name: "avaya-ses-certificate-info-disclosure(43384)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { name: "46598", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46598", }, { name: "avaya-ses-statesfolder-code-execution(43393)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=88", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=90", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=87", }, { name: "avaya-ses-objectsfolder-code-execution(43381)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "46599", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46599", }, { name: "46600", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46600", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=91", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=89", }, { name: "avaya-ses-application-info-disclosure(43394)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { name: "avaya-ses-help-information-disclosure(43395)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { name: "avaya-ses-application-unauth-access(43389)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6707", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "http://www.voipshield.com/research-details.php?id=86", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=86", }, { name: "avaya-ses-certificate-info-disclosure(43384)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { name: "46598", refsource: "OSVDB", url: "http://osvdb.org/46598", }, { name: "avaya-ses-statesfolder-code-execution(43393)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { name: "http://www.voipshield.com/research-details.php?id=88", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=88", }, { name: "http://www.voipshield.com/research-details.php?id=90", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=90", }, { name: "http://www.voipshield.com/research-details.php?id=87", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=87", }, { name: "avaya-ses-objectsfolder-code-execution(43381)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "46599", refsource: "OSVDB", url: "http://osvdb.org/46599", }, { name: "46600", refsource: "OSVDB", url: "http://osvdb.org/46600", }, { name: "http://www.voipshield.com/research-details.php?id=91", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=91", }, { name: "http://www.voipshield.com/research-details.php?id=89", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=89", }, { name: "avaya-ses-application-info-disclosure(43394)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { name: "avaya-ses-help-information-disclosure(43395)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { name: "avaya-ses-application-unauth-access(43389)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6707", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:42:00.366Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6709
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1943/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/30751 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm | x_refsource_CONFIRM | |
| http://www.osvdb.org/46603 | vdb-entry, x_refsource_OSVDB | |
| http://www.voipshield.com/research-details.php?id=78 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43380 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/29939 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:41:59.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "46603", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/46603", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=78", }, { name: "avaya-ses-command-execution(43380)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "46603", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/46603", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=78", }, { name: "avaya-ses-command-execution(43380)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6709", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "46603", refsource: "OSVDB", url: "http://www.osvdb.org/46603", }, { name: "http://www.voipshield.com/research-details.php?id=78", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=78", }, { name: "avaya-ses-command-execution(43380)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6709", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:41:59.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-1491
Vulnerability from cvelistv5
Published
2007-03-16 22:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm | x_refsource_CONFIRM | |
| http://secunia.com/advisories/24434 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/33346 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:59:08.306Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", }, { name: "24434", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24434", }, { name: "33346", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/33346", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-03-06T00:00:00", descriptions: [ { lang: "en", value: "Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2007-03-31T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", }, { name: "24434", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24434", }, { name: "33346", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/33346", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-1491", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", }, { name: "24434", refsource: "SECUNIA", url: "http://secunia.com/advisories/24434", }, { name: "33346", refsource: "OSVDB", url: "http://www.osvdb.org/33346", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-1491", datePublished: "2007-03-16T22:00:00", dateReserved: "2007-03-16T00:00:00", dateUpdated: "2024-08-07T12:59:08.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-6706
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:41:59.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-tablepasswords-info-disclosure(43382)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=81", }, { name: "avaya-ses-databaseserver-info-disclosure(43388)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=83", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=82", }, { name: "46602", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/46602", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=85", }, { name: "avaya-ses-databasepassword-info-disclosure(43387)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.voipshield.com/research-details.php?id=84", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "avaya-ses-passwordencryption-info-disclosure(43383)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1943", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30751", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-tablepasswords-info-disclosure(43382)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=81", }, { name: "avaya-ses-databaseserver-info-disclosure(43388)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=83", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=82", }, { name: "46602", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/46602", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=85", }, { name: "avaya-ses-databasepassword-info-disclosure(43387)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { tags: [ "x_refsource_MISC", ], url: "http://www.voipshield.com/research-details.php?id=84", }, { name: "29939", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29939", }, { name: "avaya-ses-passwordencryption-info-disclosure(43383)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-6706", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1943", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { name: "30751", refsource: "SECUNIA", url: "http://secunia.com/advisories/30751", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { name: "avaya-ses-tablepasswords-info-disclosure(43382)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { name: "http://www.voipshield.com/research-details.php?id=81", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=81", }, { name: "avaya-ses-databaseserver-info-disclosure(43388)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { name: "http://www.voipshield.com/research-details.php?id=83", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=83", }, { name: "http://www.voipshield.com/research-details.php?id=82", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=82", }, { name: "46602", refsource: "OSVDB", url: "http://osvdb.org/46602", }, { name: "http://www.voipshield.com/research-details.php?id=85", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=85", }, { name: "avaya-ses-databasepassword-info-disclosure(43387)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { name: "http://www.voipshield.com/research-details.php?id=84", refsource: "MISC", url: "http://www.voipshield.com/research-details.php?id=84", }, { name: "29939", refsource: "BID", url: "http://www.securityfocus.com/bid/29939", }, { name: "avaya-ses-passwordencryption-info-disclosure(43383)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-6706", datePublished: "2009-04-10T15:00:00", dateReserved: "2009-04-10T00:00:00", dateUpdated: "2024-08-07T11:41:59.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-3777
Vulnerability from cvelistv5
Published
2008-08-25 21:00
Modified
2024-08-07 09:52
Severity ?
EPSS score ?
Summary
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/30758 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44586 | vdb-entry, x_refsource_XF |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:52:59.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30758", }, { name: "avaya-ses-servers-info-disclosure(44586)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-19T00:00:00", descriptions: [ { lang: "en", value: "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "30758", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30758", }, { name: "avaya-ses-servers-info-disclosure(44586)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-3777", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", refsource: "CONFIRM", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { name: "30758", refsource: "BID", url: "http://www.securityfocus.com/bid/30758", }, { name: "avaya-ses-servers-info-disclosure(44586)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-3777", datePublished: "2008-08-25T21:00:00", dateReserved: "2008-08-25T00:00:00", dateUpdated: "2024-08-07T09:52:59.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2008-08-25 21:41
Modified
2024-11-21 00:50
Severity ?
Summary
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 5.0 | |
| avaya | s8300c_server | * | |
| avaya | communication_manager | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*", matchCriteriaId: "03BEFE21-9FAA-4DA0-9C75-A70C12A88123", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:avaya:s8300c_server:*:*:*:*:*:*:*:*", matchCriteriaId: "8030330C-BC31-485A-A93C-AEA910D4042C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "84E2136B-6FE3-4548-A89D-444ED9393C22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.", }, { lang: "es", value: "SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, escribe los nombres y contraseñas de cuenta en los logs (1) alarm y (2) system, durante los intentos fallidos de login, lo que permite a usuarios locales obtener credenciales leyendo estos logs.", }, ], id: "CVE-2008-3777", lastModified: "2024-11-21T00:50:06.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-25T21:41:00.000", references: [ { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30758", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44586", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 4.0 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.1 | |
| avaya | communication_manager | 4.0.3 | |
| avaya | sip_enablement_services | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0:*:*:*:*:*:*:*", matchCriteriaId: "9F0B0D66-9900-4B9A-A892-31B8607DA852", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D5DE700B-B830-445B-AF08-4AD28EF1BE58", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15215:*:*:*:*:*:*", matchCriteriaId: "522FD345-91ED-4FE2-8069-028C3A2E3974", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.1:sp15500:*:*:*:*:*:*", matchCriteriaId: "3507CABD-74EE-4A53-9C09-AF38B3F218F0", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "825C1D4E-CD86-4122-84D7-CF1CB4CF8F10", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of \"data viewing or restoring parameters.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x y v4.x, permite a usuarios remotos autentificados, obtener privilegios de root a través de vectores desconocidos relativos a la configuración de \"viendo datos locales o restaurando parámetros\".", }, ], id: "CVE-2008-6708", lastModified: "2024-11-21T00:57:16.027", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.687", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/46604", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=77", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=77", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43390", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "43F41650-7E55-436A-9935-8CE88B428680", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of \"local data viewing or restoring parameters.\"", }, { lang: "es", value: "Vulnerabilidad no especificada en el interfase de administración web de Avaya SIP Enablement Services (SES)v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x, permite a usuarios remotos autentificados, ejecutar comandos de su elección a través de vectores no específicos, relativos a la configuración de \"viendo datos locales o restaurando parámetros\".", }, ], id: "CVE-2008-6709", lastModified: "2024-11-21T00:57:16.190", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.703", references: [ { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/46603", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=78", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/46603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=78", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43380", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "43F41650-7E55-436A-9935-8CE88B428680", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an \"unnecessary default application,\" (4) unspecified scripts in the states folder, (5) an unspecified \"default application\" that lists server configuration, and (6) \"full system help.\"", }, { lang: "es", value: "El interfase de administración web de Avaya SIP Enablement Services (SES) v3.x y v4.0, como las usadas en Avaya Communication Manager v3.1.x no realiza autentificación para ciertas tareas, lo que permite a atacantes remotos obtener información sensible y acceso a funcionalidades restringidas a través de (1) la utilidad de instalación de certificados, (2) secuencias de comandos no específicas en el directorio de objetos, (3) una \"aplicación por defecto no necesaria\", (4) secuencias de código no específicas en el directorio \"States\",(5) una \"aplicación por defecto\" no específica que lista la configuración del servidor, y (6) \"ayuda del sistema completa\".", }, ], id: "CVE-2008-6707", lastModified: "2024-11-21T00:57:15.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.670", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/46598", }, { source: "cve@mitre.org", url: "http://osvdb.org/46599", }, { source: "cve@mitre.org", url: "http://osvdb.org/46600", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=86", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=87", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=88", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=89", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=90", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=91", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46598", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46600", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=86", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=87", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=88", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=90", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=91", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43389", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43393", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43394", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43395", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-08-25 21:41
Modified
2024-11-21 00:50
Severity ?
Summary
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 5.0 | |
| avaya | s8300c_server | * | |
| avaya | communication_manager | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*", matchCriteriaId: "03BEFE21-9FAA-4DA0-9C75-A70C12A88123", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:avaya:s8300c_server:*:*:*:*:*:*:*:*", matchCriteriaId: "8030330C-BC31-485A-A93C-AEA910D4042C", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*", matchCriteriaId: "84E2136B-6FE3-4548-A89D-444ED9393C22", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.", }, { lang: "es", value: "El interfaz remoto de gestión en SIP Enablement Services (SES) Server en Avaya SIP Enablement Services 5.0 y Communication Manager (CM) 5.0 en el S8300C con SES activado, continua con las actualizaciones de Core router incluso con un login no válido, lo que permite a atacantes remotos provocar una denegación de servicio (corte del servicio de mensajería) o bien obtener privilegios mediante una petición de actualización.", }, ], id: "CVE-2008-3778", lastModified: "2024-11-21T00:50:06.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2008-08-25T21:41:00.000", references: [ { source: "cve@mitre.org", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/30758", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/30758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44585", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2024-11-21 00:57
Severity ?
Summary
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts "subscriber table passwords," (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts "subscriber table passwords."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| avaya | sip_enablement_services | 3.0 | |
| avaya | sip_enablement_services | 3.1 | |
| avaya | sip_enablement_services | 3.1.1 | |
| avaya | sip_enablement_services | 4.0 | |
| avaya | communication_manager | 3.1 | |
| avaya | communication_manager | 3.1.1 | |
| avaya | communication_manager | 3.1.2 | |
| avaya | communication_manager | 3.1.3 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.4 | |
| avaya | communication_manager | 3.1.5 | |
| avaya | communication_manager | 3.1.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.0:*:*:*:*:*:*:*", matchCriteriaId: "F8D4881F-650A-4FA1-B604-70EBBED41AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EB9ECB-9ABF-40ED-9116-D3FE9FC73B38", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "43F41650-7E55-436A-9935-8CE88B428680", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:3.1:*:*:*:*:*:*:*", matchCriteriaId: "88F5C363-3A38-43FC-A06D-73E280AB844B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C4030E5D-BC15-481D-A15E-98FAE65130D9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F3FC3A86-CE3D-4C12-9E31-7F7280EF9D28", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "BBD119B9-FE11-4165-943D-119E906DC013", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "89F99C5C-C184-4A5C-B8BA-F558C4A38730", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp1:*:*:*:*:*:*", matchCriteriaId: "1EAA2BC9-4794-4441-8AA8-3C1B7297FD06", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.4:sp2:*:*:*:*:*:*", matchCriteriaId: "423E4EEB-3D6F-449E-B623-C8D051E8FA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "87089C0E-2241-46A7-93EE-EC41D52A89C6", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:communication_manager:3.1.5:sp0:*:*:*:*:*:*", matchCriteriaId: "5BD89D61-0B42-4DDE-99F1-71570A37A136", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords, (3) a system utility that decrypts \"subscriber table passwords,\" (4) a system utility that decrypts database passwords, and (5) a system utility that encrypts \"subscriber table passwords.\"", }, { lang: "es", value: "Múltiples vulnerabilidades no especificadas en el interfase de gestión web en Avaya SIP Enablement Services (SES) v3.x y v4.0, como los usados en Avaya Communicatión Manager v3.1.x, permite a atacantes remotos conseguir (1)configuración de la aplicación del servidor, (2) configuración del servidor de bases de datos, incluidas claves cifradas, (3) utilidad del sistema que desencripta \"claves de tablas de suscriptor\", (4) utilidad del sistema que desencripta las claves de la base de datos, y (5) una utilidad del sistema que encripta \"claves de tablas de suscriptor\".", }, ], id: "CVE-2008-6706", lastModified: "2024-11-21T00:57:15.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 7.8, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-04-10T22:00:00.640", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/46602", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/30751", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29939", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=81", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=82", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=83", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=84", }, { source: "cve@mitre.org", url: "http://www.voipshield.com/research-details.php?id=85", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/46602", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/30751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-268.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=81", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=83", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=84", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.voipshield.com/research-details.php?id=85", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1943/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43382", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43383", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43387", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43388", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-07-09 00:41
Modified
2024-11-21 00:47
Severity ?
Summary
The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 6.06 | |
| canonical | ubuntu_linux | 7.04 | |
| canonical | ubuntu_linux | 7.10 | |
| canonical | ubuntu_linux | 8.04 | |
| novell | linux_desktop | 9 | |
| opensuse | opensuse | 10.3 | |
| opensuse | opensuse | 11.0 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_desktop | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| suse | suse_linux_enterprise_server | 10 | |
| debian | debian_linux | 4.0 | |
| avaya | communication_manager | * | |
| avaya | expanded_meet-me_conferencing | * | |
| avaya | intuity_audix_lx | 2.0 | |
| avaya | meeting_exchange | 5.0 | |
| avaya | message_networking | 3.1 | |
| avaya | messaging_storage_server | 4.0 | |
| avaya | proactive_contact | 4.0 | |
| avaya | sip_enablement_services | - | |
| avaya | sip_enablement_services | 4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "AFC9ED30-C7E9-498C-8936-4F59CF69C0CE", versionEndExcluding: "2.6.25.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", matchCriteriaId: "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", matchCriteriaId: "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", matchCriteriaId: "823BF8BE-2309-4F67-A5E2-EAD98F723468", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", matchCriteriaId: "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*", matchCriteriaId: "5595E484-647C-4F85-94AB-5A4D55CD766B", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", matchCriteriaId: "C35B68DF-1440-4587-8458-9C5F4D1E43F3", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", matchCriteriaId: "1B42AB65-443B-4655-BAEA-4EB4A43D9509", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp1:*:*:*:*:*:*", matchCriteriaId: "44320836-E2DE-4A1C-9820-AFFA087FF7FB", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2:*:*:*:*:*:*", matchCriteriaId: "14DF1463-F23F-465F-8A35-D550A7438CB6", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp1:*:*:*:*:*:*", matchCriteriaId: "15E235E9-EC31-4F3F-80F7-981C720FF353", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2:*:*:*:*:*:*", matchCriteriaId: "02E6A767-B9A5-4054-BE70-286E0A464248", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", matchCriteriaId: "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:communication_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "73143989-598B-499C-A6EB-53CE5EB1C1D4", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:expanded_meet-me_conferencing:*:*:*:*:*:*:*:*", matchCriteriaId: "D49128AC-48BC-4815-8AB8-2689D9D3EB24", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:intuity_audix_lx:2.0:*:*:*:*:*:*:*", matchCriteriaId: "96733234-88DB-45EB-ACFC-1BCA21BC89E8", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:meeting_exchange:5.0:*:*:*:*:*:*:*", matchCriteriaId: "BDC2D26E-86AE-4FA1-8CBF-A775F1B240AF", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:message_networking:3.1:*:*:*:*:*:*:*", matchCriteriaId: "E871348D-8FA1-4C77-BB8E-BECF9CF2FFD9", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:messaging_storage_server:4.0:*:*:*:*:*:*:*", matchCriteriaId: "CB90E377-B821-4508-B1AB-B10F47975E54", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:proactive_contact:4.0:*:*:*:*:*:*:*", matchCriteriaId: "51C4F426-8D57-4DC8-AE52-2AEE80A57BAB", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:-:*:*:*:*:*:*:*", matchCriteriaId: "DB636851-8ED1-463C-BC6C-108E4F08F60F", vulnerable: true, }, { criteria: "cpe:2.3:a:avaya:sip_enablement_services:4.0:*:*:*:*:*:*:*", matchCriteriaId: "7BFF25B3-B7C7-479C-8C2A-995E568C3395", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.", }, { lang: "es", value: "El núcleo de Linux anterior a 2.6.25.10, no realiza de forma adecuada las operaciones tty, esto permite a usuarios locales provocar una denegación de servicio (caída del sistema) o posiblemente obtener privilegios mediante vectores que contienen referencias a puntero NULO en los punteros a funciones en (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, y (8) wireless/strip.c en drivers/net/.", }, ], id: "CVE-2008-2812", lastModified: "2024-11-21T00:47:45.920", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2008-07-09T00:41:00.000", references: [ { source: "secalert@redhat.com", url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/30982", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31048", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31202", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31229", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31341", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31551", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31614", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31685", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32103", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32370", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32759", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33201", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30076", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/637-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commitdiff%3Bh=2a739dd53ad7ee010ae6e155438507f329dce788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/30982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31229", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31341", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31551", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31614", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31685", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32103", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32759", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33201", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-365.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2008/dsa-1630", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2008/07/03/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0612.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0665.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0973.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.vupen.com/english/advisories/2008/2063/references", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43687", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/637-1/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-03-16 22:19
Modified
2024-11-21 00:28
Severity ?
Summary
Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:avaya:sip_enablement_services:*:*:*:*:*:*:*:*", matchCriteriaId: "2D0106ED-5E0F-4487-804C-BF3FF4CB985F", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8300:*:*:*:*:*:*:*:*", matchCriteriaId: "7B40402E-D157-4EBB-8412-03DBF1E0F504", versionEndIncluding: "cm_3.1.2", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8500:*:*:*:*:*:*:*:*", matchCriteriaId: "82A48EDE-B603-4404-8C85-9564B0F868F2", versionEndIncluding: "cm_3.1.2", vulnerable: true, }, { criteria: "cpe:2.3:h:avaya:s8700:*:*:*:*:*:*:*:*", matchCriteriaId: "A858B92B-4B2D-4100-8E9F-F397B5C69A32", versionEndIncluding: "cm_3.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.", }, { lang: "es", value: "Apache Tomcat en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite conexiones de interfaces externas mediante el puerto 8009, que lo expone a ataques de fuentes externas.", }, ], id: "CVE-2007-1491", lastModified: "2024-11-21T00:28:26.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.2, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 5.1, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-03-16T22:19:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24434", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/33346", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24434", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/33346", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }