Vulnerability Details : CVE-2007-4880
Public exploit exists!
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2007-4880
Probability of exploitation activity in the next 30 days: 96.73%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2007-4880
-
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
Disclosure Date: 2007-09-24First seen: 2020-04-26exploit/windows/http/ibm_tsm_cad_headerThis module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express CAD Service (5.3.3). By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code. Authors: - MC <mc@metasploit.com>
CVSS scores for CVE-2007-4880
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2007-4880
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4880
- http://www-1.ibm.com/support/docview.wss?uid=swg21268775
-
http://www.securityfocus.com/bid/25743
IBM Tivoli Storage Manager Client Multiple VulnerabilitiesPatch
-
http://www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only
Patch
- http://www.securitytracker.com/id?1018725
- http://www.vupen.com/english/advisories/2007/3228
-
http://securityreason.com/securityalert/3184
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36700
-
http://www.securityfocus.com/archive/1/480492
-
http://www.zerodayinitiative.com/advisories/ZDI-07-054.html
Products affected by CVE-2007-4880
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_storage_manager_client:5.3:*:*:*:*:*:*:*