CVE-2007-1868 : The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly hand

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.

Published 2007-04-04 16:19:00

Updated 2017-07-29 01:31:04

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2007-1868

Probability of exploitation activity in the next 30 days: 84.31%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2007-1868

IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow

Disclosure Date: 2007-05-02

First seen: 2020-04-26

exploit/windows/http/ibm_tpmfosd_overflow

This is a stack buffer overflow exploit for IBM Tivoli Provisioning Manager for OS Deployment version 5.1.0.X. Authors: - toto

More information

CVSS scores for CVE-2007-1868

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-1868

http://www.securitytracker.com/id?1017840
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=498

Patch;Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24015347

Patch
http://www.vupen.com/english/advisories/2007/1199
https://exchange.xforce.ibmcloud.com/vulnerabilities/33384
http://www.securityfocus.com/bid/23264

IBM Tivoli Provisioning Manager OS Deployment Multiple Stack Buffer Overflow Vulnerabilities

Products affected by CVE-2007-1868

IBM » Tivoli Provisioning Manager Os Deployment » Version: 5.1.0.116
cpe:2.3:a:ibm:tivoli_provisioning_manager_os_deployment:5.1.0.116:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-1868

Exploit prediction scoring system (EPSS) score for CVE-2007-1868

Metasploit modules for CVE-2007-1868

IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow

CVSS scores for CVE-2007-1868

References for CVE-2007-1868

Products affected by CVE-2007-1868