CVE-2010-4592 - OpenCVE

The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Lotus Mobile Connect

Configuration 1 [-]

OR	cpe:2.3:a:ibm:lotus_mobile_connect::::::::
	cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:::::::*
	cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:::::::*
	cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/42703
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74588
http://www-01.ibm.com/support/docview.wss?uid=swg27020327

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-22T20:00:00

Updated: 2024-08-07T03:51:17.944Z

Reserved: 2010-12-22T00:00:00

Link: CVE-2010-4592

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-12-22T21:00:19.897

Modified: 2011-01-11T06:46:26.533

Link: CVE-2010-4592

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-01-11T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "42703", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42703"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}, {"name": "IZ74588", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74588"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4592", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "42703", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42703"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}, {"name": "IZ74588", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74588"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.944Z"}, "title": "CVE Program Container", "references": [{"name": "42703", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42703"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}, {"name": "IZ74588", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74588"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4592", "datePublished": "2010-12-22T20:00:00", "dateReserved": "2010-12-22T00:00:00", "dateUpdated": "2024-08-07T03:51:17.944Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:*:*:*:*:*:*:*:*", "matchCriteriaId": "75136F07-4EFA-416D-BCAC-F7F30C01BC07", "versionEndIncluding": "6.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A28E8A18-0943-4568-B083-C765E8ED1D14", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AF526B5-BEE8-49B8-9689-E5DED3D86CF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8B5A2F13-8DCE-4ED1-8E16-9A6BF8C45DD8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts."}, {"lang": "es", "value": "funcionalidad Mobile Network Connections Connection Manager en IBM Lotus Mobile Connect anterior v6.1.4, cuando el servicio de acceso HTTP (HTTP-AS) est\u00e1 activo, no establece adecuadamente las sesiones HTTP-TCP, permitidiendo que atacantse remotos causen una denegaci\u00f3n de servicio (consumo de memoria y caida de demonio) por creaci\u00f3n de numerosos intentos de conexiones TCP. \r\n\r\n"}], "id": "CVE-2010-4592", "lastModified": "2011-01-11T06:46:26.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-12-22T21:00:19.897", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42703"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ74588"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27020327"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}