ByteOS Network

NVD Vulnerability Details :

CVE-2015-1892

Modified

Source-psirt@us.ibm.com

Published At-01 Apr, 2015 | 02:00

Updated At-06 May, 2026 | 22:30

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

IBM Corporation

>>security_access_manager_for_web_7.0_firmware>>Versions up to 7.0.0.11(inclusive)

cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*

IBM Corporation

>>security_access_manager_for_web_8.0_firmware>>8.0.0.1

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*

IBM Corporation

>>security_access_manager_for_web_8.0_firmware>>8.0.0.2

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*

IBM Corporation

>>security_access_manager_for_web_8.0_firmware>>8.0.0.3

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*

IBM Corporation

>>security_access_manager_for_web_8.0_firmware>>8.0.0.4

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.4:*:*:*:*:*:*:*

IBM Corporation

>>security_access_manager_for_web_8.0_firmware>>8.0.0.5

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*

IBM Corporation

>>security_access_manager_for_web_8.0_firmware>>8.0.1.0

cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21699497	psirt@us.ibm.com	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/550620	psirt@us.ibm.com	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/73683	psirt@us.ibm.com	Third Party Advisory VDB Entry
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21699497	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/550620	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/73683	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry