CVE-2015-1892

IBM Security Access Manager for Web 7.x < 7.0.0.12 and 8.x < 8.0.1.1 - Information Exposure via mDNS Responder

Title source: llm
STIX 2.1

Description

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73683
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/550620
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21699497
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913

Scores

EPSS 0.0223
EPSS Percentile 80.6%

Details

CWE
CWE-200
Status published
Products (7)
ibm/security_access_manager_for_web_7.0_firmware < 7.0.0.11
ibm/security_access_manager_for_web_8.0_firmware 8.0.0.1
ibm/security_access_manager_for_web_8.0_firmware 8.0.0.2
ibm/security_access_manager_for_web_8.0_firmware 8.0.0.3
ibm/security_access_manager_for_web_8.0_firmware 8.0.0.4
ibm/security_access_manager_for_web_8.0_firmware 8.0.0.5
ibm/security_access_manager_for_web_8.0_firmware 8.0.1.0
Published Apr 01, 2015
Tracked Since Feb 18, 2026