Update Protection against IBM Director CIM Server Consumer Name Handling Denial of Service
| Check Point Reference: | CPAI-2009-059 |
| Date Published: | |
| Preemptive Since: | |
| Severity: | |
| Source: | Secunia Advisory: SA34212 |
| Industry Reference(s): | |
| Protection Provided by: | IPS-1 |
Who is Vulnerable?
IBM Systems Director prior to 5.20.3
Vulnerability Description
The CIM (Common Information Model) Server of IBM Director is vulnerable to a denial-of-service condition because the application fails to properly handle specially crafted requests. A remote attacker can exploit this vulnerability by sending crafted requests to the target host. Successful exploitation could result in a denial of service (DoS) condition of System Director services on the target host.
Update/Patch Available
The vendor has not released an advisory addressing this vulnerability.
Vulnerability Details
The vulnerability is in the CIM Listener process while parsing crafted HTTP requests containing overly long Consumer Names in the URI. Successful exploitation would cause the CIM server to crash.
Protection Overview
By enabling this protection, IPS-1 will detect and block attempts to overflow the URL length while accessing the IBM CIM server.
To configure the defense, select your product from the list below and follow the related protection steps.
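The kind of check described under Protection Overview can be approximated in a log review or a reverse proxy by measuring the longest path segment of each request line. This is an added example, not Check Point's signature or IBM's code; the 256-character limit, the `/listener/` path and the consumer names are assumptions chosen for illustration.

```python
# Assumption: 256 is an illustrative limit, not a value from the advisory or
# from IPS-1. Set it to the longest consumer name your deployment really uses.
MAX_SEGMENT_LEN = 256

def longest_segment(target):
    """Length of the longest raw (on-the-wire) path segment of a request target."""
    # Drop query string and fragment; only the path carries the consumer name.
    path = target.split("?", 1)[0].split("#", 1)[0]
    return max((len(seg) for seg in path.split("/")), default=0)

def check_request_line(line, limit=MAX_SEGMENT_LEN):
    """Classify one HTTP request line as 'ok', 'oversized' or 'malformed'."""
    parts = line.strip().split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "malformed"
    return "oversized" if longest_segment(parts[1]) > limit else "ok"

def scan(lines, limit=MAX_SEGMENT_LEN):
    """Return (line_number, verdict, longest_segment_length) for every non-ok line."""
    findings = []
    for n, line in enumerate(lines, 1):
        verdict = check_request_line(line, limit)
        if verdict == "ok":
            continue
        # Malformed lines have no reliable target, so report length 0 for them.
        length = 0
        if verdict == "oversized":
            length = longest_segment(line.strip().split(" ")[1])
        findings.append((n, verdict, length))
    return findings

# Constructed sample request lines; the path and consumer names are hypothetical.
SAMPLE = [
    "POST /listener/InventoryConsumer HTTP/1.1",        # normal name
    "POST /listener/" + "A" * 2000 + " HTTP/1.1",       # overly long name
    "POST /listener/" + "%41" * 300 + "?x=1 HTTP/1.1",  # long once encoded
    "GET /status",                                      # missing HTTP version
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The length is taken on the raw, still percent-encoded segment, which is the conservative choice when it is not known whether the server measures the name before or after decoding.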