CVE-2007-1491

Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.

CVSS v2.0 5.2 MEDIUM

5.2^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm	Vendor Advisory
http://secunia.com/advisories/24434	Vendor Advisory
http://www.osvdb.org/33346

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:avaya:s8300::::::::
	cpe:2.3:h:avaya:s8700::::::::
	cpe:2.3:a:avaya:sip_enablement_services::::::::
	cpe:2.3:h:avaya:s8500::::::::

Information

Published : 2007-03-16 15:19

Updated : 2008-09-05 14:20

NVD link : CVE-2007-1491

Mitre link : CVE-2007-1491

JSON object : View

CWE

NVD-CWE-Other

Products Affected

avaya

s8700
s8300
s8500
sip_enablement_services

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/24434", "name": "24434", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/33346", "name": "33346", "tags": [], "refsource": "OSVDB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1491", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-03-16T22:19Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:avaya:s8300:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "cm_3.1.2"}, {"cpe23Uri": "cpe:2.3:h:avaya:s8700:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "cm_3.1.2"}, {"cpe23Uri": "cpe:2.3:a:avaya:sip_enablement_services:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:avaya:s8500:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "cm_3.1.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T21:20Z"}

5.2 /10