nvd-json-data-feeds/CVE-2009/CVE-2009-12xx/CVE-2009-1240.json

{
  "id": "CVE-2009-1240",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2009-04-03T18:30:00.657",
  "lastModified": "2024-11-21T01:01:59.260",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en el motor Proventia de IBM versi\u00f3n 4.9.0.0.44 20081231, tal y como es usado en Proventia Network Mail Security System , Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), y posiblemente otros productos de IBM, permite a los atacantes remotos omitir la detecci\u00f3n de malware por medio de un archivo RAR modificado."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "baseScore": 10.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:proventia_desktop_endpoint_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77F1551-5C37-4D5B-AC86-C2965083B93D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C520BF35-8406-44E3-8FC6-D8BD7242D13B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:network_multi-function_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F24569C0-A783-4CFC-9A74-794DBA96E719"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F19781E-ECC4-40A0-8027-2DC059FB989E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securityfocus.com/bid/34345",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.securityfocus.com/bid/34345",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ],
  "evaluatorComment": "Per: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417\r\n\r\nAlthough the Virus Prevention System technology was, at one time, incorporated into the IBM Proventia Network MFS and the Proventia Network Mail appliances, this capability was removed in Jan 2008. For this reason, this vulnerability does not apply to these product lines.\r\n\r\nThe Virus Prevention System technology is currently incorporated into Proventia Desktop. However, the Proventia Desktop product is not affected by this evasion.\r\n\r\nNo other IBM ISS products currently incorporate the Virus Prevention System technology."
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2009-1240",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2009-04-03T18:30:00.657",`
Auto-Update: 2024-11-22T09:12:11.646040+00:00 2024-11-22 09:15:19 +00:00			`"lastModified": "2024-11-21T01:01:59.260",`
bootstrap 2023-04-24 12:24:31 +02:00			`"vulnStatus": "Modified",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Una vulnerabilidad no especificada en el motor Proventia de IBM versi\u00f3n 4.9.0.0.44 20081231, tal y como es usado en Proventia Network Mail Security System , Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), y posiblemente otros productos de IBM, permite a los atacantes remotos omitir la detecci\u00f3n de malware por medio de un archivo RAR modificado."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",`
Auto-Update: 2024-11-22T09:12:11.646040+00:00 2024-11-22 09:15:19 +00:00			`"baseScore": 10.0,`
bootstrap 2023-04-24 12:24:31 +02:00			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "COMPLETE",`
Auto-Update: 2024-11-22T09:12:11.646040+00:00 2024-11-22 09:15:19 +00:00			`"availabilityImpact": "COMPLETE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"baseSeverity": "HIGH",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 10.0,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "NVD-CWE-noinfo"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:ibm:proventia_desktop_endpoint_security::::::::",`
			`"matchCriteriaId": "B77F1551-5C37-4D5B-AC86-C2965083B93D"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:ibm:proventia_network_mail_security_system::::::::",`
			`"matchCriteriaId": "C520BF35-8406-44E3-8FC6-D8BD7242D13B"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:h:ibm:network_multi-function_security::::::::",`
			`"matchCriteriaId": "F24569C0-A783-4CFC-9A74-794DBA96E719"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system_virtual_appliance::::::::",`
			`"matchCriteriaId": "3F19781E-ECC4-40A0-8027-2DC059FB989E"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/34345",`
			`"source": "cve@mitre.org"`
Auto-Update: 2024-11-22T09:12:11.646040+00:00 2024-11-22 09:15:19 +00:00			`},`
			`{`
			`"url": "http://blog.zoller.lu/2009/04/ibm-proventia-evasion-limited-details.html",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/502369/100/0/threaded",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/504987/100/0/threaded",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/504992/100/0/threaded",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/archive/1/504995/100/0/threaded",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/34345",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
Auto-Update: 2024-11-22T09:12:11.646040+00:00 2024-11-22 09:15:19 +00:00			`],`
			"evaluatorComment": "Per: http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_adp.php?p_faqid=5417\r\n\r\nAlthough the Virus Prevention System technology was, at one time, incorporated into the IBM Proventia Network MFS and the Proventia Network Mail appliances, this capability was removed in Jan 2008. For this reason, this vulnerability does not apply to these product lines.\r\n\r\nThe Virus Prevention System technology is currently incorporated into Proventia Desktop. However, the Proventia Desktop product is not affected by this evasion.\r\n\r\nNo other IBM ISS products currently incorporate the Virus Prevention System technology."
bootstrap 2023-04-24 12:24:31 +02:00			`}`