CyberSec.Space Logo
Back to CVE Browser

CVE-2010-1223

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile5.00th
PublishedApr 7, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.

Affected Platforms (CPE)

πŸ“¦
Ca

Xosoft Content Distribution

= r12.0
πŸ“¦
Ca

Xosoft Content Distribution

= r12.5
πŸ“¦
Ca

Xosoft High Availability

= r12.0
πŸ“¦
Ca

Xosoft High Availability

= r12.5
πŸ“¦
Ca

Xosoft Replication

= r12.0
πŸ“¦
Ca

Xosoft Replication

= r12.5

References & Advisories

πŸ”— http://www.securityfocus.com/archive/1/510564/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/510565/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/510567/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/39238
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-10-065/
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-10-066/
πŸ”— https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
πŸ”— http://www.securityfocus.com/archive/1/510564/100/0/threaded

Related Vulnerabilities

CVE-2010-39847.5

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1...

CVE-2010-355210.0

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote atta...

CVE-2010-355310.0

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...

CVE-2010-355410.0

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...