Vulnerability Name:

CVE-2013-2960 (CCN-83724)

Assigned:2013-06-15
Published:2013-06-15
Updated:2017-08-29
Summary:Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to cause a denial of service (segmentation fault) via a crafted http URL.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2013-2960

Source: AIXAPAR
Type: UNKNOWN
IV27192

Source: AIXAPAR
Type: UNKNOWN
IV30187

Source: AIXAPAR
Type: UNKNOWN
IV40115

Source: AIXAPAR
Type: UNKNOWN
IV40116

Source: CCN
Type: IBM Security Bulletin 1635080
IBM Tivoli Monitoring Basic Services Vulnerabilities (CVE-2013-2960, CVE-2013-2961 , CVE-2013-0548, CVE-2013-0551)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21635080

Source: CCN
Type: IBM Security Bulletin 1640752
Multiple vulnerabilities in Product IBM Application Manager For Smart Business 1.2.1 (CVE-2013-0548, CVE-2013-0551, CVE-2013-0576 , CVE-2013-2960, CVE-2013-2961, CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21640752

Source: CCN
Type: IBM Security Bulletin 1651226
IBM SmartCloud Analytics - Log Analysis - Security exposures related to http web server embedded with IBM Tivoli Monitoring components (CVE-2013-2961, CVE-2013-2960,CVE-2013-0548,CVE-2013-0551, CVE-2012-3297)

Source: CCN
Type: BID-60581
IBM Tivoli Monitoring CVE-2013-2960 Denial of Service Vulnerability

Source: XF
Type: UNKNOWN
itm-cve20132960-dos(83724)

Source: XF
Type: UNKNOWN
itm-cve20132960-dos(83724)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/a:ibm:application_manager_for_smart_business:1.2.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:application_manager_for_smart_business:1.2.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm tivoli monitoring 6.2.0
    ibm tivoli monitoring 6.2.0.1
    ibm tivoli monitoring 6.2.0.2
    ibm tivoli monitoring 6.2.0.3
    ibm tivoli monitoring 6.2.1
    ibm tivoli monitoring 6.2.1.1
    ibm tivoli monitoring 6.2.1.2
    ibm tivoli monitoring 6.2.1.3
    ibm tivoli monitoring 6.2.1.4
    ibm tivoli monitoring 6.2.2
    ibm tivoli monitoring 6.2.2.1
    ibm tivoli monitoring 6.2.2.2
    ibm tivoli monitoring 6.2.2.3
    ibm tivoli monitoring 6.2.2.4
    ibm tivoli monitoring 6.2.2.5
    ibm tivoli monitoring 6.2.2.6
    ibm tivoli monitoring 6.2.2.7
    ibm tivoli monitoring 6.2.2.8
    ibm tivoli monitoring 6.2.2.9
    ibm tivoli monitoring 6.2.3
    ibm tivoli monitoring 6.2.3.1
    ibm tivoli monitoring 6.2.3.2
    ibm application manager for smart business 1.2.1
    ibm tivoli monitoring 6.2.1
    ibm tivoli monitoring 6.2.2
    ibm tivoli monitoring 6.2.3
    ibm tivoli monitoring 6.2.0
    ibm tivoli monitoring 6.2.0.1
    ibm tivoli monitoring 6.2.0.2
    ibm tivoli monitoring 6.2.0.3
    ibm tivoli monitoring 6.2.1.1
    ibm tivoli monitoring 6.2.1.2
    ibm tivoli monitoring 6.2.1.3
    ibm tivoli monitoring 6.2.1.4
    ibm tivoli monitoring 6.2.2.1
    ibm tivoli monitoring 6.2.2.2
    ibm tivoli monitoring 6.2.2.3
    ibm tivoli monitoring 6.2.2.4
    ibm tivoli monitoring 6.2.2.5
    ibm tivoli monitoring 6.2.2.6
    ibm tivoli monitoring 6.2.2.7
    ibm tivoli monitoring 6.2.2.8
    ibm tivoli monitoring 6.2.2.9
    ibm tivoli monitoring 6.2.3.1
    ibm tivoli monitoring 6.2.3.2
    ibm application manager for smart business 1.2.1