CVE-2007-4880

{"id": "CVE-2007-4880", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-28T00:17:00.000", "references": [{"url": "http://osvdb.org/38161", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26883", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3184", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21268775", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/480492", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25743", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018725", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3228", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-054.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36700", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el Demonio Aceptador de Clientes (Client Acceptor Daemon o CAD), dsmcad.exe, en determinados clientes IBM Tivoli Storage Manager (TSM) 5.1 anterior a 5.1.8.1, 5.2 anterior a 5.2.5.2, 5.3 anterior a 5.3.5.3, y 5.4 anterior a 5.4.1.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante cabeceras HTTP manipuladas, tambi\u00e9n conocida como IC52905."}], "lastModified": "2017-07-29T01:33:15.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5249F29D-A30C-47DE-A2E7-1643506833B6"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF8BBC00-2EE5-4679-9A55-C160C3FE0502"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0775DC8E-AFEF-4EC8-A42F-ACB266087F44"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5CF5583-AD0F-41A9-A963-077D4592EE95"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E0A6F7-EB54-49AC-BA68-FFAFEEBF82B9"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "488891DD-FDF9-45B6-8E27-9488016617E9"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DCA554F-03B3-44E1-A175-E3163445626E"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29442ECF-F9F0-42CE-92BD-0C04A8E2556C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}