• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

IBM Tivoli Management Framework Endpoint Buffer Overflow Vulnerability

The Tivoli Management Framework includes a HTTP server installed on endpoint hosts by default.

It has been reported that this server is susceptible to a buffer overrun condition when GET commands of excessive length are issued by clients. Remote attackers may exploit this condition to gain remote access to target hosts.

Versions 3.6.x to (and including) 3.7.1 are vulnerable.