Vulnerability Details : CVE-2016-2935
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-2935
- cpe:2.3:a:ibm:bigfix_remote_control:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2935
0.33%: Probability of exploitation activity in the next 30 days
~67%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2935
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2016-2935
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2935
- http://www-01.ibm.com/support/docview.wss?uid=swg21991955
  IBM notice: The page you requested cannot be displayed (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV89745
  IBM IV89745: SECURITY APAR CVE-2016-2935 DENIAL OF SERVICE VULNERABILITY AFFECTS IBM BIGFIX REMOTE CONTROL (Vendor Advisory)
- http://www.securityfocus.com/bid/94989
  IBM BigFix Remote CVE-2016-2935 Denial of Service Vulnerability (Patch; Third Party Advisory)