CVE-2015-1892
IBM Security Access Manager for Web 7.x < 7.0.0.12 and 8.x < 8.0.1.1 - Information Exposure via mDNS Responder
Title source: llmDescription
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73683
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/550620
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21699497
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70911
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV70913
Scores
EPSS
0.0223
EPSS Percentile
80.6%
Details
CWE
CWE-200
Status
published
Products (7)
ibm/security_access_manager_for_web_7.0_firmware
< 7.0.0.11
ibm/security_access_manager_for_web_8.0_firmware
8.0.0.1
ibm/security_access_manager_for_web_8.0_firmware
8.0.0.2
ibm/security_access_manager_for_web_8.0_firmware
8.0.0.3
ibm/security_access_manager_for_web_8.0_firmware
8.0.0.4
ibm/security_access_manager_for_web_8.0_firmware
8.0.0.5
ibm/security_access_manager_for_web_8.0_firmware
8.0.1.0
Published
Apr 01, 2015
Tracked Since
Feb 18, 2026