Lucene search

MitreCVE-2008-1705

HistoryApr 09, 2008 - 7:05 p.m.

CVE-2008-1705

2008-04-0919:05:00

CWE-134

mitre

web.nvd.nist.gov

ibm

soliddb

format string vulnerability

logging

nvd

cve-2008-1705

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.056

Percentile

93.3%

JSON

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.

Affected configurations

Nvd

Node

ibmsoliddbMatch06.00.1018

VendorProductVersionCPE
ibmsoliddb06.00.1018cpe:2.3:a:ibm:soliddb:06.00.1018:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	soliddb	06.00.1018	cpe:2.3:a:ibm:soliddb:06.00.1018:::::::*

References

aluigi.altervista.org/adv/soliduro-adv.txt

aluigi.org/poc/soliduro.zip

secunia.com/advisories/29512

securitytracker.com/id?1019721

www.securityfocus.com/archive/1/490129/100/0/threaded

www.securityfocus.com/bid/28468

www.vupen.com/english/advisories/2008/1038

exchange.xforce.ibmcloud.com/vulnerabilities/41485

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.056

Percentile

93.3%

JSON

Related for CVE-2008-1705