CVE-2010-1929

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
novellimanager
2.7.0
novellimanager
2.7.3
novellimanager
2.7.3:ftf2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/40281
http://securitytracker.com/id?1024152
http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities
http://www.exploit-db.com/exploits/14010
http://www.osvdb.org/65737
http://www.securityfocus.com/archive/1/511983/100/0/threaded
http://www.securityfocus.com/bid/40480
http://www.vupen.com/english/advisories/2010/1575
https://exchange.xforce.ibmcloud.com/vulnerabilities/59694
http://secunia.com/advisories/40281
http://securitytracker.com/id?1024152
http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities
http://www.exploit-db.com/exploits/14010
http://www.osvdb.org/65737
http://www.securityfocus.com/archive/1/511983/100/0/threaded
http://www.securityfocus.com/bid/40480
http://www.vupen.com/english/advisories/2010/1575
https://exchange.xforce.ibmcloud.com/vulnerabilities/59694