Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-3107 | First vendor Publication | 2009-09-08 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.8 | Attack Range | Adjacent network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3107 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-57 | Utilizing REST's Trust in the System Resource to Register Man in the Middle |
CAPEC-94 | Man in the Middle Attack |
CAPEC-114 | Authentication Abuse |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57458 | Symantec Altiris Deployment Solution DBManager Unspecified Authentication Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-01-08 | Name : The remote Windows host has a deployment server that is affected by multiple ... File : altiris_deployment_solution_server_6_9_430.nasl - Type : ACT_GATHER_INFO |
2009-08-31 | Name : The remote Windows host has a program that is affected by a security bypass v... File : altiris_ds_dbmanager_security_bypass.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:10:25 |
|
2024-11-28 12:19:47 |
|
2024-02-13 21:27:55 |
|
2021-05-04 12:10:10 |
|
2021-04-22 01:10:35 |
|
2020-05-23 00:24:18 |
|
2016-04-26 19:05:40 |
|
2014-02-17 10:51:33 |
|
2013-05-10 23:56:59 |
|
2013-02-07 13:19:38 |
|