CVE-2010-0557 : IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial

IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.

Published 2010-02-05 22:30:02

Updated 2010-02-08 05:00:00

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2010-0557

Probability of exploitation activity in the next 30 days: 0.62%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2010-0557

Apache Tomcat Manager Application Deployer Authenticated Code Execution

Disclosure Date: 2009-11-09

First seen: 2020-04-26

exploit/multi/http/tomcat_mgr_deploy

This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/h

More information
Tomcat Application Manager Login Utility

First seen: 2020-04-26

auxiliary/scanner/http/tomcat_mgr_login

This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. Authors: - MC <mc@metasploit.com> - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com>

More information
Apache Tomcat Manager Authenticated Upload Code Execution

Disclosure Date: 2009-11-09

First seen: 2020-04-26

exploit/multi/http/tomcat_mgr_upload

This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The

More information

CVSS scores for CVE-2010-0557

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-0557

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-0557

http://www.securityfocus.com/bid/38084

IBM Cognos Express Hardcoded Credentials Security Bypass Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21419179

IBM notice: The page you requested cannot be displayed
Vendor Advisory
http://www.vupen.com/english/advisories/2010/0297

Webmail | OVH- OVH
Vendor Advisory

Products affected by CVE-2010-0557

IBM » Cognos Express » Version: 9.0
cpe:2.3:a:ibm:cognos_express:9.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-0557

Exploit prediction scoring system (EPSS) score for CVE-2010-0557

Metasploit modules for CVE-2010-0557

Apache Tomcat Manager Application Deployer Authenticated Code Execution

Tomcat Application Manager Login Utility

Apache Tomcat Manager Authenticated Upload Code Execution

CVSS scores for CVE-2010-0557

CWE ids for CVE-2010-0557

References for CVE-2010-0557

Products affected by CVE-2010-0557