Remote Connection Exposure in Avaya Communications Systems
CVE-2007-1491

Currently unrated

Key Information:

Vendor: Avaya
Status: S8500; Sip Enablement Services; S8700; S8300
Vendor: CVE Published:; 16 March 2007

Summary

The Avaya S87XX, S8500, and S8300 systems, as well as the Avaya SES, have a vulnerability due to Apache Tomcat allowing connections via port 8009 from external interfaces. This exposes the systems to potential attacks, as unauthorized users can exploit this access to compromise the security of the communications framework. Organizations using affected versions should prioritize patching and securing their systems against unauthorized external connections.

References

http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm

x_refsource_CONFIRM

http://secunia.com/advisories/24434

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/33346

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 16, 2007
Vulnerability Reserved
Mar 16, 2007