Lucene search

[email protected]CVE-2010-0919

HistoryMar 03, 2010 - 7:30 p.m.

CVE-2010-0919

2010-03-0319:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-0919

stack-based buffer overflow

lotus domino

ibm lotus inotes

dwa

remote code execution

prad7jtnhj

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.1%

JSON

Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ.

Affected configurations

NVD

Node

ibmdomino_web_accessMatch6.5

ibmdomino_web_accessMatch7.0

ibmdomino_web_accessMatch7.0.1

ibmdomino_web_accessMatch7.0.2

ibmdomino_web_accessMatch7.0.3

ibmdomino_web_accessMatch8.0

ibmdomino_web_accessMatch8.0.2

Node

ibmlotus_inotesRange≤229.271

ibmlotus_inotesMatch229.011

ibmlotus_inotesMatch229.021

ibmlotus_inotesMatch229.031

ibmlotus_inotesMatch229.041

ibmlotus_inotesMatch229.051

ibmlotus_inotesMatch229.061

ibmlotus_inotesMatch229.101

ibmlotus_inotesMatch229.111

ibmlotus_inotesMatch229.131

ibmlotus_inotesMatch229.141

ibmlotus_inotesMatch229.151

ibmlotus_inotesMatch229.161

ibmlotus_inotesMatch229.171

ibmlotus_inotesMatch229.181

ibmlotus_inotesMatch229.191

ibmlotus_inotesMatch229.201

ibmlotus_inotesMatch229.211

ibmlotus_inotesMatch229.221

ibmlotus_inotesMatch229.231

ibmlotus_inotesMatch229.241

ibmlotus_inotesMatch229.251

ibmlotus_inotesMatch229.261

AND

ibmlotus_dominoMatch8.0.2.4

CPENameOperatorVersion
ibm:domino_web_accessibm domino web accesseq6.5
ibm:domino_web_accessibm domino web accesseq7.0
ibm:domino_web_accessibm domino web accesseq7.0.1
ibm:domino_web_accessibm domino web accesseq7.0.2
ibm:domino_web_accessibm domino web accesseq7.0.3
ibm:domino_web_accessibm domino web accesseq8.0
ibm:domino_web_accessibm domino web accesseq8.0.2

CPE	Name	Operator	Version
ibm:domino_web_access	ibm domino web access	eq	6.5
ibm:domino_web_access	ibm domino web access	eq	7.0
ibm:domino_web_access	ibm domino web access	eq	7.0.1
ibm:domino_web_access	ibm domino web access	eq	7.0.2
ibm:domino_web_access	ibm domino web access	eq	7.0.3
ibm:domino_web_access	ibm domino web access	eq	8.0
ibm:domino_web_access	ibm domino web access	eq	8.0.2

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=857

secunia.com/advisories/38681

secunia.com/advisories/38744

secunia.com/advisories/38755

securitytracker.com/id?1023662

www-01.ibm.com/support/docview.wss?uid=swg21421808

www-01.ibm.com/support/docview.wss?uid=swg27018109

www.osvdb.org/62612

www.securityfocus.com/bid/38457

www.securityfocus.com/bid/38459

www.vupen.com/english/advisories/2010/0495

www.vupen.com/english/advisories/2010/0496

exchange.xforce.ibmcloud.com/vulnerabilities/56555

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2010-0919

prion1 seebug1 cvelist1 nvd1