CVE-2010-3107
Novell iPrint < 5.42 - Denial of Service via CleanUploadFiles Method
Title source: llmDescription
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.
References (3)
Core 3
Core References
Patch x_refsource_misc
http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
Patch x_refsource_confirm
http://download.novell.com/Download?buildid=ftwZBxEFjIg~
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074
Scores
EPSS
0.0339
EPSS Percentile
87.6%
Details
CWE
CWE-264
Status
published
Products (14)
novell/iprint
4.26
novell/iprint
4.27
novell/iprint
4.28
novell/iprint
4.30
novell/iprint
4.32
novell/iprint
4.34
novell/iprint
4.36
novell/iprint
4.38
novell/iprint
5.04
novell/iprint
5.12
... and 4 more
Published
Aug 23, 2010
Tracked Since
Feb 18, 2026