Vulnerability Name:

CVE-2013-2961 (CCN-83725)

Assigned: 2013-06-15
Published: 2013-06-15
Updated: 2017-08-29
Summary: The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-20
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2013-2961

Source: AIXAPAR
Type: UNKNOWN
IV27192

Source: AIXAPAR
Type: UNKNOWN
IV30187

Source: AIXAPAR
Type: UNKNOWN
IV40115

Source: AIXAPAR
Type: UNKNOWN
IV40116

Source: CCN
Type: IBM Security Bulletin 1635080
IBM Tivoli Monitoring Basic Services Vulnerabilities (CVE-2013-2960, CVE-2013-2961, CVE-2013-0548, CVE-2013-0551)

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg21635080

Source: CCN
Type: IBM Security Bulletin 1640752
Multiple vulnerabilities in Product IBM Application Manager For Smart Business 1.2.1 (CVE-2013-0548, CVE-2013-0551, CVE-2013-0576, CVE-2013-2960, CVE-2013-2961, CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21640752

Source: CCN
Type: IBM Security Bulletin 1651226
IBM SmartCloud Analytics - Log Analysis - Security exposures related to http web server embedded with IBM Tivoli Monitoring components (CVE-2013-2961, CVE-2013-2960, CVE-2013-0548, CVE-2013-0551, CVE-2012-3297)

Source: CCN
Type: BID-60582
IBM Tivoli Monitoring CVE-2013-2961 Unspecified Security Vulnerability

Source: XF
Type: UNKNOWN
itm-cve20132961-url-redirect(83725)

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/a:ibm:application_manager_for_smart_business:1.2.1:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:ibm:tivoli_monitoring:6.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.2.3.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:application_manager_for_smart_business:1.2.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm tivoli monitoring 6.2.0
    ibm tivoli monitoring 6.2.0.1
    ibm tivoli monitoring 6.2.0.2
    ibm tivoli monitoring 6.2.0.3
    ibm tivoli monitoring 6.2.1
    ibm tivoli monitoring 6.2.1.1
    ibm tivoli monitoring 6.2.1.2
    ibm tivoli monitoring 6.2.1.3
    ibm tivoli monitoring 6.2.1.4
    ibm tivoli monitoring 6.2.2
    ibm tivoli monitoring 6.2.2.1
    ibm tivoli monitoring 6.2.2.2
    ibm tivoli monitoring 6.2.2.3
    ibm tivoli monitoring 6.2.2.4
    ibm tivoli monitoring 6.2.2.5
    ibm tivoli monitoring 6.2.2.6
    ibm tivoli monitoring 6.2.2.7
    ibm tivoli monitoring 6.2.2.8
    ibm tivoli monitoring 6.2.2.9
    ibm tivoli monitoring 6.2.3
    ibm tivoli monitoring 6.2.3.1
    ibm tivoli monitoring 6.2.3.2
    ibm application manager for smart business 1.2.1