Vulnerability Details CVE-2010-1223
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.378
EPSS Ranking 97.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://www.securityfocus.com/archive/1/510564/100/0/threaded
- http://www.securityfocus.com/archive/1/510565/100/0/threaded
- http://www.securityfocus.com/archive/1/510567/100/0/threaded
- http://www.securityfocus.com/bid/39238
- http://www.zerodayinitiative.com/advisories/ZDI-10-065/
- http://www.zerodayinitiative.com/advisories/ZDI-10-066/
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
- http://www.securityfocus.com/archive/1/510564/100/0/threaded
- http://www.securityfocus.com/archive/1/510565/100/0/threaded
- http://www.securityfocus.com/archive/1/510567/100/0/threaded
- http://www.securityfocus.com/bid/39238
- http://www.zerodayinitiative.com/advisories/ZDI-10-065/
- http://www.zerodayinitiative.com/advisories/ZDI-10-066/
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
Products affected by CVE-2010-1223
-
cpe:2.3:a:ca:xosoft_content_distribution:r12.0
-
cpe:2.3:a:ca:xosoft_content_distribution:r12.5
-
cpe:2.3:a:ca:xosoft_high_availability:r12.0
-
cpe:2.3:a:ca:xosoft_high_availability:r12.5
-
cpe:2.3:a:ca:xosoft_replication:r12.0
-
cpe:2.3:a:ca:xosoft_replication:r12.5