Vulnerability Details : CVE-2010-1930
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-1930
Probability of exploitation activity in the next 30 days: 3.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 %
CVSS scores for CVE-2010-1930
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-1930
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1930
- http://www.vupen.com/english/advisories/2010/1575
  Webmail | OVH- OVH (Vendor Advisory)
- http://securitytracker.com/id?1024152
  Novell iManager Bugs Let Remote Users Deny Service and Remote Authenticated Users Execute Arbitrary Code - SecurityTracker (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59695
  Novell iManager Tree denial of service CVE-2010-1930 Vulnerability Report
- http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities
  Novell iManager Multiple Vulnerabilities | Core Security (Exploit)
- http://www.exploit-db.com/exploits/14010
  Novell iManager - Multiple Vulnerabilities - Novell dos Exploit (Exploit)
- http://www.securityfocus.com/archive/1/511983/100/0/threaded
  SecurityFocus
- http://www.securityfocus.com/bid/40485
  Novell iManager Long TREE Field Off-By-One Denial of Service Vulnerability
Products affected by CVE-2010-1930
- cpe:2.3:a:novell:imanager:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:ftf2:*:*:*:*:*:*
- cpe:2.3:a:novell:imanager:2.7.3:*:*:*:*:*:*:*