CVE-2005-1872

Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775	Patch Vendor Advisory
http://www.osvdb.org/17041	Vendor Advisory
http://secunia.com/advisories/15598/	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=111817727120752&w=2

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*

Information

Published : 2005-06-02 21:00

Updated : 2016-10-17 20:23

NVD link : CVE-2005-1872

Mitre link : CVE-2005-1872

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

websphere_application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html", "name": "http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775", "name": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24009775", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.osvdb.org/17041", "name": "17041", "tags": ["Vendor Advisory"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/15598/", "name": "15598", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=111817727120752&w=2", "name": "20050607 [AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1872", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-06-03T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2016-10-18T03:23Z"}

7.5 /10