Vulnerability Details : CVE-2010-1929
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-1929
Probability of exploitation activity in the next 30 days: 49.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~97%
CVSS scores for CVE-2010-1929
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
CWE ids for CVE-2010-1929
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1929
- http://www.vupen.com/english/advisories/2010/1575
  Webmail | OVH- OVH (Vendor Advisory)
- http://securitytracker.com/id?1024152
  Novell iManager Bugs Let Remote Users Deny Service and Remote Authenticated Users Execute Arbitrary Code - SecurityTracker (Exploit)
- http://www.securityfocus.com/bid/40480
  Novell iManager Schema Create Class Stack Buffer Overflow Vulnerability (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59694
  Novell iManager class buffer overflow CVE-2010-1929 Vulnerability Report
- http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities
  Novell iManager Multiple Vulnerabilities | Core Security (Exploit)
- http://www.exploit-db.com/exploits/14010
  Novell iManager - Multiple Vulnerabilities - Novell dos Exploit (Exploit)
- http://www.securityfocus.com/archive/1/511983/100/0/threaded
  SecurityFocus
Products affected by CVE-2010-1929
- cpe:2.3:a:novell:imanager:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:ftf2:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:*:*:*:*:*:*:*