CVE-2010-0284

CWE-22: Path Traversal
5 documents, 5 sources
Severity: 10.0 CRITICAL
EPSS: 6.8% (top 8.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 18
Latest update: May 2

Description

Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

🔴Vulnerability Details

2
GHSA
GHSA-22m7-r3qp-8jxg: Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps (2022-05-02)
CVEList
CVE-2010-0284: Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps (2010-06-18)

💥Exploits & PoCs

1
Exploit-DB
UoW IMAPd Server - LSUB Buffer Overflow (Metasploit) (2010-03-26)

💬Community

1
Bugzilla
CVE-2011-0284 krb5 (krb5kdc): Double-free flaw by handling error messages upon receiving certain AS_REQ's (MITKRB5-SA-2011-003) (2011-02-01)