CVE-2007-1868

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Provisioning Manager Os Deployment
Vendor: CVE Published:; 4 April 2007

Summary

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.

References

http://www.vupen.com/english/advisories/2007/1199

vdb-entryx_refsource_VUPEN

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

http://www-1.ibm.com/support/docview.wss?uid=swg24015347

x_refsource_MISC

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 4, 2007
Vulnerability Reserved
Apr 4, 2007