CVE-2011-1710 - Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attac

CVE-2011-1710

Summary

Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted header length variables.

References

http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00012.html
http://support.novell.com/security/cve/CVE-2011-1710.html
https://bugzilla.novell.com/585440

Vulnerable Configurations

cpe:2.3:a:novell:xtier_framework:3.1.8:*:*:*:*:*:*:*
cpe:2.3:a:novell:xtier_framework:3.1.8:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 02-01-2012 - 05:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://download.novell.com/patch/finder/?keywords=b8833ce91ca8c8d2a478a8a32a2e2efb http://support.novell.com/security/cve/CVE-2011-1710.html https://bugzilla.novell.com/585440
suse	SUSE-SU-2011:1185

Last major update

02-01-2012 - 05:00

Published

31-12-2011 - 01:55

Last modified

02-01-2012 - 05:00