Security Database IT Watching - Alert Detail

INFORMATION

Name	:	CVE-2010-0557	First Publication	:	2010-02-05
Severity	:	High	Last Modification	:	2010-02-08

SCORING CVSS v2

Cvss Base Score	:	7.5	Attack Range	:	Network
Cvss Impact Score	:	6.4	Attack Complexity	:	Low
Cvss Expoit Score	:	10	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.

CWE COMMON WEAKNESS ENUMERATION

CWE-255 - Credentials Management

CPE COMMON PLATFORM ENUMERATION

Application : Ibm Cognos express
- cpe:/a:ibm:cognos_express:9.0

SAINT EXPLOITS

IBM Cognos Express Server Backdoor Account Remote Code Execution. More info here

OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

62118 : IBM Cognos Express Tomcat Manager Hardcoded Credentials.

SECONDARY(S) SOURCE(S)

Source : BID
Url : http://www.securityfocus.com/bid/38084

Source : CONFIRM
Url : http://www-01.ibm.com/support/docview.wss?uid=swg21419179

Source : OSVDB
Url : http://www.osvdb.org/62118

Source : SECUNIA
Url : http://secunia.com/advisories/38457

Source : VUPEN
Url : http://www.vupen.com/english/advisories/2010/0297