IBM Tivoli Management Framework Endpoint addr URL Remote Buffer Overflow

high Nessus Plugin ID 54924


A web server running on the remote host has a buffer overflow vulnerability.


According to its self-reported version, the Tivoli Endpoint installation running on the remote host is earlier than 4.1.1-LCF-0076 or 4.3.1-LCF-0012LA, and therefore has a buffer overflow vulnerability. Input to the 'opts' parameter of '/addr' is not properly validated. Authentication is required for exploitation, though this can be achieved trivially by using a built-in account.

A remote, authenticated attacker could exploit this by sending a malicious POST request to the server, resulting in arbitrary code execution.


Upgrade to Tivoli Endpoint 4.1.1-LCF-0076 / 4.3.1-LCF-0012LA or later. Alternatively, use the workaround described in the IBM advisory.

See Also

Plugin Details

Severity: High

ID: 54924

File Name: tivoli_endpoint_addr_opts_bof.nasl

Version: 1.18

Type: remote

Family: Web Servers

Published: 5/31/2011

Updated: 8/5/2020

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2011-1220

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_management_framework

Required KB Items: www/tivoli_endpoint

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/30/2011

Vulnerability Publication Date: 5/30/2011

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Metasploit (IBM Tivoli Endpoint Manager POST Query Buffer Overflow)

Reference Information

CVE: CVE-2011-1220

BID: 48049

TRA: TRA-2011-04

IAVA: 2011-A-0072-S