Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0192

CWE-1895 documents5 sources
Severity
5.0MEDIUM
EPSS
16.3%
top 5.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Edirectory
Timeline
PublishedJul 14
Latest updateMay 2

Description

Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hww9-65fx-h666: Off-by-one error in the iMonitor component in Novell eDirectory 82022-05-02
CVEList
CVE-2009-0192: Off-by-one error in the iMonitor component in Novell eDirectory 82009-07-14

💥Exploits & PoCs

1
Exploit-DB
Novell eDirectory iMonitor - 'Accept-Language' Request Buffer Overflow (PoC)2009-03-02

💬Community

1
Bugzilla
CVE-2009-5066 JBoss: twiddle.sh accepts credentials as command line arguments, exposing them to other local users via a process listing2012-07-24
CVE-2009-0192 (MEDIUM CVSS 5) | Off-by-one error in the iMonitor co | cvebase.io