Remote Code Execution Vulnerability in IBM Tivoli Provisioning Manager for OS Deployment
CVE-2007-1868

Currently unrated

Key Information:

Vendor
IBM
CVE Published:
4 April 2007

Summary

The management service of IBM Tivoli Provisioning Manager for OS Deployment before version 5.1 Fix Pack 2 contains vulnerabilities in its handling of multipart/form-data in HTTP POST requests. A remote attacker can send crafted POST requests to TCP port 8080 or 443 to crash the service daemon, causing a denial of service, or potentially execute arbitrary code.

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
