CVE-2015-4947

{"id": "CVE-2015-4947", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-15T15:59:00.097", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI44793", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI45596", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965419", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/76658", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securitytracker.com/id/1033512", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento del buffer basado en pila en el Administration Server en IBM HTTP Server 6.1.0.x hasta la versi\u00f3n 6.1.0.47, 7.0.0.x en versiones anteriores a 7.0.0.39, 8.0.0.x en versiones anteriores a 8.0.0.12 y 8.5.x en versiones anteriores a 8.5.5.7, tal como se utiliza en WebSphere Application Server y otros productos, permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "lastModified": "2019-02-12T18:36:11.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78F18FE4-83BA-432A-9C0C-0FAC4314E050", "versionEndIncluding": "6.1.0.47", "versionStartIncluding": "6.1.0.0"}, {"criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07BDE0FE-10BB-4F11-8A59-720987298913", "versionEndExcluding": "7.0.0.39", "versionStartIncluding": "7.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8AD985A-F098-47F6-90B5-D5A3285736D1", "versionEndExcluding": "8.0.0.12", "versionStartIncluding": "8.0.0.0"}, {"criteria": "cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FB17D1E-FEF4-4E1B-88A7-764CA673A686", "versionEndExcluding": "8.5.5.7", "versionStartIncluding": "8.5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}