CVE-2010-3107 (GCVE-0-2010-3107)
Vulnerability from cvelistv5
Published
2010-08-23 20:00
Modified
2024-08-07 02:55
Severity ?
CWE
  • n/a
Summary
A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.
References
cve@mitre.orghttp://download.novell.com/Download?buildid=ftwZBxEFjIg~Patch
cve@mitre.orghttp://dvlabs.tippingpoint.com/advisory/TPTI-10-05Patch
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074
af854a3a-2127-422b-91ae-364da2661108http://download.novell.com/Download?buildid=ftwZBxEFjIg~Patch
af854a3a-2127-422b-91ae-364da2661108http://dvlabs.tippingpoint.com/advisory/TPTI-10-05Patch
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"
          },
          {
            "name": "oval:org.mitre.oval:def:12074",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a \"logic flaw\" in the CleanUploadFiles method in the nipplib.dll module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"
        },
        {
          "name": "oval:org.mitre.oval:def:12074",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a \"logic flaw\" in the CleanUploadFiles method in the nipplib.dll module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05"
            },
            {
              "name": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~",
              "refsource": "CONFIRM",
              "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"
            },
            {
              "name": "oval:org.mitre.oval:def:12074",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3107",
    "datePublished": "2010-08-23T20:00:00",
    "dateReserved": "2010-08-23T00:00:00",
    "dateUpdated": "2024-08-07T02:55:46.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3107\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-08-23T22:00:03.440\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a \\\"logic flaw\\\" in the CleanUploadFiles method in the nipplib.dll module.\"},{\"lang\":\"es\",\"value\":\"Un control ActiveX en ienipp.ocx en el plugin para el navegador del cliente de Novell iPrint antes de v5.42 no limita apropiadamente el conjunto de archivos que desea eliminar, lo que permite provocar a atacantes remotos una denegaci\u00f3n de servicio (mediante eliminaci\u00f3n de archivos de forma recursiva) a trav\u00e9s de vectores no especificados relacionados con \\\"fallo l\u00f3gico\\\" en el m\u00e9todo CleanUploadFiles en el m\u00f3dulo nipplib.dll.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.40\",\"matchCriteriaId\":\"583C6EB4-A372-4B15-8B3A-09A0D778ECA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3332CB43-D2ED-4720-8ED4-AE222C6F7FF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9AD9057-2218-481E-96CB-BF568AD3A9F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D044326-00CB-4158-A652-7D7FBDB380C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BDA0CD3-3E49-42E9-8D41-2B93FEE53610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAB01661-76E1-4181-A798-6325EFD681FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16769BC0-66AE-4AA3-B504-03389717A56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B2994C-8E01-4E7B-A5CA-9F9BE4C634C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:4.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCA90D8-A320-43B0-A667-DAFC0D00924F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F12CAA5-6C37-4FBA-BA41-03C7F81AE6BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCA3CFFD-8D4B-4BEC-934A-7E5D18F87807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.20b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A31E77-BFE6-4F54-9839-8323F8E4995E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8EC466-1CA2-4D8E-8D3F-F1246DC1850B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:iprint:5.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27533465-909A-4300-A713-36924FB330CA\"}]}]}],\"references\":[{\"url\":\"http://download.novell.com/Download?buildid=ftwZBxEFjIg~\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-10-05\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://download.novell.com/Download?buildid=ftwZBxEFjIg~\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://dvlabs.tippingpoint.com/advisory/TPTI-10-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.