CVE-2015-0134 - OpenCVE

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Domino

Configuration 1 [-]

OR	cpe:2.3:a:ibm:domino:8.5.0:::::::*
	cpe:2.3:a:ibm:domino:8.5.1:::::::*
	cpe:2.3:a:ibm:domino:8.5.2:::::::*
	cpe:2.3:a:ibm:domino:8.5.3:::::::*
	cpe:2.3:a:ibm:domino:9.0.1:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21700029	Patch Vendor Advisory
http://www.securitytracker.com/id/1032027	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2015-04-06T00:00:00

Updated: 2015-04-08T13:57:00

Reserved: 2014-11-18T00:00:00

Link: CVE-2015-0134

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-04-06T00:59:03.317

Modified: 2019-10-16T12:40:30.513

Link: CVE-2015-0134

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-04-08T13:57:00", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"}, {"name": "1032027", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032027"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-0134", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"}, {"name": "1032027", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032027"}]}}}}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-0134", "datePublished": "2015-04-06T00:00:00", "dateReserved": "2014-11-18T00:00:00", "dateUpdated": "2015-04-08T13:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:domino:8.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8458C5E0-40D5-41B6-BBB3-4EE1600BE1F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:domino:8.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1D658AF-65B4-4DD7-B445-E16615EA5D82", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:domino:8.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "2F2A7894-14F0-4FD9-A221-4A88E5CB6A0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:domino:8.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "091D9954-232A-4158-A516-35A735343121", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:domino:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "373527AD-D128-41CC-BEBA-6581F22D8AEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de buffer en la implementaci\u00f3n SSLv2 en IBM Domino 8.5.x anterior a 8.5.1 FP5 IF3, 8.5.2 anterior a FP4 IF3, 8.5.3 anterior a FP6 IF6, 9.0 anterior a IF7, y 9.0.1 anterior a FP2 IF3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-0134", "lastModified": "2019-10-16T12:40:30.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-06T00:59:03.317", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700029"}, {"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032027"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}