CVE-2010-1929

Currently unrated

Key Information:

Vendor: Novell
Status: Imanager
Vendor: CVE Published:; 28 June 2010

Summary

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.

References

http://www.securityfocus.com/bid/40480

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2010/1575

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/59694

vdb-entryx_refsource_XF

EPSS Score

37% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 28, 2010
Vulnerability Reserved
May 11, 2010

Collectors

NVD DatabaseMitre Database