Published:2011/03/10  Last Updated:2011/03/10

JVN#81294135
IBM Tivoli vulnerable to denial-of-service (DoS)

Overview

IBM Tivoli contains a denial-of-service (DoS) vulnerability.

Products Affected

A wide range of products are affected. For more information, refer to the vendor's website.

Description

IBM Tivoli contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).

Impact

A remote attacker may cause a denial-of-service (DoS).

Solution

Apply a patch
Apply the appropriate patch according to the information provided by the developer.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2011.03.10

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Mid-High

Description of each analysis measures

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2010-4476
JVN iPedia JVNDB-2011-000020