CVE-2010-3107 - OpenCVE

A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a "logic flaw" in the CleanUploadFiles method in the nipplib.dll module.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Iprint

Configuration 1 [-]

OR	cpe:2.3:a:novell:iprint::::::::
	cpe:2.3:a:novell:iprint:4.26:::::::*
	cpe:2.3:a:novell:iprint:4.27:::::::*
	cpe:2.3:a:novell:iprint:4.28:::::::*
	cpe:2.3:a:novell:iprint:4.30:::::::*
	cpe:2.3:a:novell:iprint:4.32:::::::*
	cpe:2.3:a:novell:iprint:4.34:::::::*
	cpe:2.3:a:novell:iprint:4.36:::::::*
	cpe:2.3:a:novell:iprint:4.38:::::::*
	cpe:2.3:a:novell:iprint:5.04:::::::*
	cpe:2.3:a:novell:iprint:5.12:::::::*
	cpe:2.3:a:novell:iprint:5.20b:::::::*
	cpe:2.3:a:novell:iprint:5.30:::::::*
	cpe:2.3:a:novell:iprint:5.32:::::::*

No data.

References

Link	Providers
http://download.novell.com/Download?buildid=ftwZBxEFjIg~
http://dvlabs.tippingpoint.com/advisory/TPTI-10-05
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-08-23T20:00:00

Updated: 2024-08-07T02:55:46.745Z

Reserved: 2010-08-23T00:00:00

Link: CVE-2010-3107

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-08-23T22:00:03.440

Modified: 2017-09-19T01:31:12.300

Link: CVE-2010-3107

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a \"logic flaw\" in the CleanUploadFiles method in the nipplib.dll module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"}, {"name": "oval:org.mitre.oval:def:12074", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3107", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a \"logic flaw\" in the CleanUploadFiles method in the nipplib.dll module."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05", "refsource": "MISC", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05"}, {"name": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~", "refsource": "CONFIRM", "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"}, {"name": "oval:org.mitre.oval:def:12074", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:46.745Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"}, {"name": "oval:org.mitre.oval:def:12074", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3107", "datePublished": "2010-08-23T20:00:00", "dateReserved": "2010-08-23T00:00:00", "dateUpdated": "2024-08-07T02:55:46.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:iprint:*:*:*:*:*:*:*:*", "matchCriteriaId": "583C6EB4-A372-4B15-8B3A-09A0D778ECA3", "versionEndIncluding": "5.40", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.26:*:*:*:*:*:*:*", "matchCriteriaId": "3332CB43-D2ED-4720-8ED4-AE222C6F7FF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.27:*:*:*:*:*:*:*", "matchCriteriaId": "E9AD9057-2218-481E-96CB-BF568AD3A9F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.28:*:*:*:*:*:*:*", "matchCriteriaId": "0D044326-00CB-4158-A652-7D7FBDB380C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "3BDA0CD3-3E49-42E9-8D41-2B93FEE53610", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.32:*:*:*:*:*:*:*", "matchCriteriaId": "AAB01661-76E1-4181-A798-6325EFD681FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.34:*:*:*:*:*:*:*", "matchCriteriaId": "16769BC0-66AE-4AA3-B504-03389717A56D", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.36:*:*:*:*:*:*:*", "matchCriteriaId": "25B2994C-8E01-4E7B-A5CA-9F9BE4C634C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:4.38:*:*:*:*:*:*:*", "matchCriteriaId": "CCCA90D8-A320-43B0-A667-DAFC0D00924F", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "6F12CAA5-6C37-4FBA-BA41-03C7F81AE6BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "CCA3CFFD-8D4B-4BEC-934A-7E5D18F87807", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:5.20b:*:*:*:*:*:*:*", "matchCriteriaId": "A2A31E77-BFE6-4F54-9839-8323F8E4995E", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:5.30:*:*:*:*:*:*:*", "matchCriteriaId": "7E8EC466-1CA2-4D8E-8D3F-F1246DC1850B", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:iprint:5.32:*:*:*:*:*:*:*", "matchCriteriaId": "27533465-909A-4300-A713-36924FB330CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A certain ActiveX control in ienipp.ocx in the browser plugin in Novell iPrint Client before 5.42 does not properly restrict the set of files to be deleted, which allows remote attackers to cause a denial of service (recursive file deletion) via unspecified vectors related to a \"logic flaw\" in the CleanUploadFiles method in the nipplib.dll module."}, {"lang": "es", "value": "Un control ActiveX en ienipp.ocx en el plugin para el navegador del cliente de Novell iPrint antes de v5.42 no limita apropiadamente el conjunto de archivos que desea eliminar, lo que permite provocar a atacantes remotos una denegaci\u00f3n de servicio (mediante eliminaci\u00f3n de archivos de forma recursiva) a trav\u00e9s de vectores no especificados relacionados con \"fallo l\u00f3gico\" en el m\u00e9todo CleanUploadFiles en el m\u00f3dulo nipplib.dll."}], "id": "CVE-2010-3107", "lastModified": "2017-09-19T01:31:12.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-08-23T22:00:03.440", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://download.novell.com/Download?buildid=ftwZBxEFjIg~"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-05"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12074"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}