CVE-2010-1223

2010-04-0715:30:00

CWE-119

mitre

web.nvd.nist.gov

ca xosoft

buffer overflow

remote attack

arbitrary code execution

cve-2010-1223

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.881

Percentile

98.7%

JSON

Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.

Affected configurations

Nvd

Node

caxosoft_content_distributionMatchr12.0

caxosoft_content_distributionMatchr12.5

caxosoft_high_availabilityMatchr12.0

caxosoft_high_availabilityMatchr12.5

caxosoft_replicationMatchr12.0

caxosoft_replicationMatchr12.5

VendorProductVersionCPE
caxosoft_content_distributionr12.0cpe:2.3:a:ca:xosoft_content_distribution:r12.0:*:*:*:*:*:*:*
caxosoft_content_distributionr12.5cpe:2.3:a:ca:xosoft_content_distribution:r12.5:*:*:*:*:*:*:*
caxosoft_high_availabilityr12.0cpe:2.3:a:ca:xosoft_high_availability:r12.0:*:*:*:*:*:*:*
caxosoft_high_availabilityr12.5cpe:2.3:a:ca:xosoft_high_availability:r12.5:*:*:*:*:*:*:*
caxosoft_replicationr12.0cpe:2.3:a:ca:xosoft_replication:r12.0:*:*:*:*:*:*:*
caxosoft_replicationr12.5cpe:2.3:a:ca:xosoft_replication:r12.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ca	xosoft_content_distribution	r12.0	cpe:2.3:a:ca:xosoft_content_distribution:r12.0:::::::*
ca	xosoft_content_distribution	r12.5	cpe:2.3:a:ca:xosoft_content_distribution:r12.5:::::::*
ca	xosoft_high_availability	r12.0	cpe:2.3:a:ca:xosoft_high_availability:r12.0:::::::*
ca	xosoft_high_availability	r12.5	cpe:2.3:a:ca:xosoft_high_availability:r12.5:::::::*
ca	xosoft_replication	r12.0	cpe:2.3:a:ca:xosoft_replication:r12.0:::::::*
ca	xosoft_replication	r12.5	cpe:2.3:a:ca:xosoft_replication:r12.5:::::::*