Back to CVE Browser

CVE-2008-0401

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1690%

EPSS Percentile22.36th

PublishedJan 23, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.

Affected Platforms (CPE)

📦

Ibm

Tivoli Provisioning Manager Os Deployment

<= 5.1.0.2

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647

🔗 http://secunia.com/advisories/28604

🔗 http://www-1.ibm.com/support/docview.wss?uid=swg24018010

🔗 http://www.kb.cert.org/vuls/id/158609

🔗 http://www.securityfocus.com/bid/27387

🔗 http://www.securitytracker.com/id?1019249

🔗 http://www.vupen.com/english/advisories/2008/0239

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/39819

Related Vulnerabilities

CVE-2007-186810.0

The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipa...

CVE-2007-32687.5

The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to caus...

CVE-2010-41217.5

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL state...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...