CVE-2010-1930

Novell iManager 2.7, 2.7.3, 2.7.3 FTF2 - Denial of Service via Long Tree Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1930. PoCs published by Core Security Technologies.

AI-analyzed exploit summary The provided code is a proof-of-concept for CVE-2010-1930, an off-by-one error in Novell iManager's login process. It demonstrates a DoS attack by sending a maliciously crafted POST request with a 256-character 'TREE' field, causing the server to crash.

Description

Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security Technologies · textdosnovell

https://www.exploit-db.com/exploits/14010

View Code ZIP pw:eip

The provided code is a proof-of-concept for CVE-2010-1930, an off-by-one error in Novell iManager's login process. It demonstrates a DoS attack by sending a maliciously crafted POST request with a 256-character 'TREE' field, causing the server to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Novell iManager 2.7, 2.7.3, 2.7.3 FTF2

No auth needed

Prerequisites: Network access to the target Novell iManager instance

MITRE ATT&CK