[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-1560

Date: (C)2011-04-05   (M)2017-08-18
 
CVSS Score: 9.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value.

Reference:
SECUNIA-44030
OSVDB-71494
ADV-2011-0854
http://www.ibm.com/support/docview.wss?uid=swg21474552
http://www.zerodayinitiative.com/advisories/ZDI-11-115/
soliddb-auth-bypass(66455)

CPE    23
cpe:/a:ibm:soliddb:4.5.169
cpe:/a:ibm:soliddb:4.5.168
cpe:/a:ibm:soliddb:4.5.167
cpe:/a:ibm:soliddb:4.5.173
...
CWE    1
CWE-255
OVAL    2
oval:org.secpod.oval:def:986
oval:org.secpod.oval:def:654

© 2013 SecPod Technologies