CVE-2008-6707
Summary
| CVE | CVE-2008-6707 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-04-10 22:00:00 UTC |
| Updated | 2017-08-17 01:29:00 UTC |
| Description | The Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, does not perform authentication for certain functionality, which allows remote attackers to obtain sensitive information and access restricted functionality via (1) the certificate installation utility, (2) unspecified scripts in the objects folder, (3) an "unnecessary default application," (4) unspecified scripts in the states folder, (5) an unspecified "default application" that lists server configuration, and (6) "full system help." |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Communication Manager | 3.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.2 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.3 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp1 | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp2 | All | All |
| Application | Avaya | Communication Manager | 3.1.5 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.5 | sp0 | All | All |
| Application | Avaya | Communication Manager | 3.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.1 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.2 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.3 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp1 | All | All |
| Application | Avaya | Communication Manager | 3.1.4 | sp2 | All | All |
| Application | Avaya | Communication Manager | 3.1.5 | All | All | All |
| Application | Avaya | Communication Manager | 3.1.5 | sp0 | All | All |
| Application | Avaya | Sip Enablement Services | 3.0 | All | All | All |
| Application | Avaya | Sip Enablement Services | 3.1 | All | All | All |
| Application | Avaya | Sip Enablement Services | 3.1.1 | All | All | All |
| Application | Avaya | Sip Enablement Services | 4.0 | All | All | All |
| Application | Avaya | Sip Enablement Services | 3.0 | All | All | All |
| Application | Avaya | Sip Enablement Services | 3.1 | All | All | All |
| Application | Avaya | Sip Enablement Services | 3.1.1 | All | All | All |
| Application | Avaya | Sip Enablement Services | 4.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 46599 | OSVDB | osvdb.org | |
| SIP Enablement Service Web Interface Unrestricted Help Access | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SIP Enablement Service Web Interface Default Application Execution | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| SIP Enablement Service Web Interface Objects Folder Script Execution | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| 46600 | OSVDB | osvdb.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Avaya SIP Enablement Services Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| SIP Enablement Service Web Interface Server Configuration Information Application Execution | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| Avaya Communication Manager Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| ASA-2008-268 | CONFIRM | support.avaya.com | Vendor Advisory |
| 46598 | OSVDB | osvdb.org | |
| SIP Enablement Service Web Interface States Folder Script Execution | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SIP Enablement Service Web Interface Certificate Utility Disclosure | Research | VoIPshield Systems Inc. | MISC | www.voipshield.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.