CVE-2015-1892
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
01/04/2015
Last modified:
12/04/2025
Description
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:* | 7.0.0.11 (including) | |
| cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913
- http://www-01.ibm.com/support/docview.wss?uid=swg21699497
- http://www.kb.cert.org/vuls/id/550620
- http://www.securityfocus.com/bid/73683
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913
- http://www-01.ibm.com/support/docview.wss?uid=swg21699497
- http://www.kb.cert.org/vuls/id/550620
- http://www.securityfocus.com/bid/73683