CVE-2007-1491

Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.

CVSS v2.0 5.2 MEDIUM

5.2^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 5.1 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/24434	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm	Vendor Advisory
http://www.osvdb.org/33346

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avaya:sip_enablement_services::::::::
	cpe:2.3:h:avaya:s8300::::::::
	cpe:2.3:h:avaya:s8500::::::::
	cpe:2.3:h:avaya:s8700::::::::

History

No history.

Information

Published : 2007-03-16 22:19

Updated : 2024-02-28 11:01

NVD link : CVE-2007-1491

Mitre link : CVE-2007-1491

CVE.ORG link : CVE-2007-1491

JSON object : View

Products Affected

avaya

s8700
s8500
sip_enablement_services
s8300

CWE

NVD-CWE-Other

{"id": "CVE-2007-1491", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-03-16T22:19:00.000", "references": [{"url": "http://secunia.com/advisories/24434", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-051.htm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/33346", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties."}, {"lang": "es", "value": "Apache Tomcat en Avaya S87XX, S8500, y S8300 versiones anteriores a CM 3.1.3, y Avaya SES permite conexiones de interfaces externas mediante el puerto 8009, que lo expone a ataques de fuentes externas."}], "lastModified": "2008-09-05T21:20:38.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:avaya:sip_enablement_services:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D0106ED-5E0F-4487-804C-BF3FF4CB985F"}, {"criteria": "cpe:2.3:h:avaya:s8300:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B40402E-D157-4EBB-8412-03DBF1E0F504", "versionEndIncluding": "cm_3.1.2"}, {"criteria": "cpe:2.3:h:avaya:s8500:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82A48EDE-B603-4404-8C85-9564B0F868F2", "versionEndIncluding": "cm_3.1.2"}, {"criteria": "cpe:2.3:h:avaya:s8700:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A858B92B-4B2D-4100-8E9F-F397B5C69A32", "versionEndIncluding": "cm_3.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}