CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2010-1223

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile5.00th
Published2010年4月7日
Last Modified2026年4月29日

Vulnerability Description

Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.

Affected Platforms (CPE)

📦
Ca

Xosoft Content Distribution

= r12.0
📦
Ca

Xosoft Content Distribution

= r12.5
📦
Ca

Xosoft High Availability

= r12.0
📦
Ca

Xosoft High Availability

= r12.5
📦
Ca

Xosoft Replication

= r12.0
📦
Ca

Xosoft Replication

= r12.5

References & Advisories

🔗 http://www.securityfocus.com/archive/1/510564/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/510565/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/510567/100/0/threaded
🔗 http://www.securityfocus.com/bid/39238
🔗 http://www.zerodayinitiative.com/advisories/ZDI-10-065/
🔗 http://www.zerodayinitiative.com/advisories/ZDI-10-066/
🔗 https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
🔗 http://www.securityfocus.com/archive/1/510564/100/0/threaded

相關漏洞威脅

CVE-2010-39847.5

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1...

CVE-2010-355210.0

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote atta...

CVE-2010-308510.0

The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vect...

CVE-2010-355310.0

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...