CVE-2010-1929

high

Description

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/59694

http://www.vupen.com/english/advisories/2010/1575

http://www.securityfocus.com/archive/1/511983/100/0/threaded

http://www.osvdb.org/65737

http://secunia.com/advisories/40281

Details

Source: Mitre, NVD

Published: 2010-06-28

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High