This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
A web server running on the remote host has a buffer overflow
According to its self-reported version, the Tivoli Endpoint
installation running on the remote host is earlier than 4.1.1-LCF-0076
or 4.3.1-LCF-0012LA, and therefore has a buffer overflow
vulnerability. Input to the 'opts' parameter of '/addr' is not
properly validated. Authentication is required for exploitation,
though this can be achieved trivially by using a built-in account.
A remote, authenticated attacker could exploit this by sending a
malicious POST request to the server, resulting in arbitrary code
See also :
Upgrade to Tivoli Endpoint 4.1.1-LCF-0076 / 4.3.1-LCF-0012LA
or later. Alternatively, use the workaround described in the
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 54924
Bugtraq ID: 48049
CVE ID: CVE-2011-1220
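
The version comparison described above can be applied to an asset inventory. This is an added example, not code from the Nessus plugin or from the vendor. The version string format (`<release>-LCF-<patch>` with an optional letter suffix), the host names and the function names are assumptions; only the two fixed patch levels come from the text above.

```python
import re

# Fixed patch levels from the advisory text, keyed by base release.
FIXED = {(4, 1, 1): 76, (4, 3, 1): 12}

# Assumed input format (not confirmed by the page):
#   "<major>.<minor>.<rev>" optionally followed by "-LCF-<patch>[letters]"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-LCF-(\d+)([A-Z]*))?$")


def assess(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unknown"              # unparseable: needs manual review
    base = tuple(int(x) for x in m.group(1, 2, 3))
    if base not in FIXED:
        return "unknown"              # release line the advisory does not name
    # Assumption: a release with no LCF suffix has no patch applied (level 0).
    patch = int(m.group(4) or 0)
    return "vulnerable" if patch < FIXED[base] else "fixed"


def triage(inventory):
    """Map each host in {host: version} to its assessment."""
    return {host: assess(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "ep-01": "4.1.1-LCF-0070",
    "ep-02": "4.1.1-LCF-0076",
    "ep-03": "4.3.1-LCF-0012LA",
    "ep-04": "4.3.1",
    "ep-05": "4.2.0-LCF-0003",
    "ep-06": "not-a-version",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are on a release line the text above does not name, or have a version string that could not be parsed, and should be checked by hand.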