Vulnerability Description
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Security Access Manager for Web 7.0 Firmware | <= 7.0.0.11 |
| IBM | Security Access Manager for Web 8.0 Firmware | 8.0.0.1 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913
- http://www-01.ibm.com/support/docview.wss?uid=swg21699497 (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/550620 (Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/73683 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-1892?
CVE-2015-1892 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not li...
How severe is CVE-2015-1892?
CVE-2015-1892 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-1892?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Security Access Manager for Web 7.0 Firmware, IBM Security Access Manager for Web 8.0 Firmware.