CVE-2010-1930

Name of the Vulnerable Software and Affected Versions Novell iManager versions 2.7 through 2.7.3 FTF2

Description The issue is caused by an off-by-one error, allowing remote attackers to cause a denial of service by crashing the daemon. This can be achieved by sending a login request to the "nps/servlet/webacc" API endpoint with a long tree parameter.

Recommendations For Novell iManager versions 2.7 through 2.7.3 FTF2, consider restricting access to the "nps/servlet/webacc" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.