CVE-2010-3281 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Alcatel-lucent	Omnivista 4760 Server

Configuration 1 [-]

OR	cpe:2.3:a:alcatel-lucent:omnivista_4760_server::patch2::::::*
	cpe:2.3:a:alcatel-lucent:omnivista_4760_server:4.1.13.00:::::::*
	cpe:2.3:a:alcatel-lucent:omnivista_4760_server:5.0:::::::*
	cpe:2.3:a:alcatel-lucent:omnivista_4760_server:5.1:::::::*
	cpe:2.3:a:alcatel-lucent:omnivista_4760_server:5.1.06.03.c:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/41508
http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf
http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf
http://www.securityfocus.com/archive/1/513865
http://www.securityfocus.com/archive/1/513866
http://www.securityfocus.com/bid/43338
http://www.vupen.com/english/advisories/2010/2460
https://exchange.xforce.ibmcloud.com/vulnerabilities/61922

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-23T18:00:00

Updated: 2024-08-07T03:03:18.868Z

Reserved: 2010-09-13T00:00:00

Link: CVE-2010-3281

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-09-23T19:00:14.433

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3281

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-20T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf"}, {"name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/513865"}, {"name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/513866"}, {"name": "43338", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43338"}, {"name": "ADV-2010-2460", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2460"}, {"name": "omnivista-http-bo(61922)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61922"}, {"name": "41508", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41508"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3281", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf", "refsource": "MISC", "url": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf"}, {"name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513865"}, {"name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513866"}, {"name": "43338", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43338"}, {"name": "ADV-2010-2460", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2460"}, {"name": "omnivista-http-bo(61922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61922"}, {"name": "41508", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41508"}, {"name": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf", "refsource": "CONFIRM", "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:03:18.868Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf"}, {"name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/513865"}, {"name": "20100920 n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/513866"}, {"name": "43338", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43338"}, {"name": "ADV-2010-2460", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2460"}, {"name": "omnivista-http-bo(61922)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61922"}, {"name": "41508", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41508"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3281", "datePublished": "2010-09-23T18:00:00", "dateReserved": "2010-09-13T00:00:00", "dateUpdated": "2024-08-07T03:03:18.868Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:alcatel-lucent:omnivista_4760_server:*:patch2:*:*:*:*:*:*", "matchCriteriaId": "F35C8182-C414-4F4D-B559-61F9B8C9790B", "versionEndIncluding": "5.1.06.03.c", "vulnerable": true}, {"criteria": "cpe:2.3:a:alcatel-lucent:omnivista_4760_server:4.1.13.00:*:*:*:*:*:*:*", "matchCriteriaId": "6A34D54F-0F49-43E2-A904-C6E9E662512C", "vulnerable": true}, {"criteria": "cpe:2.3:a:alcatel-lucent:omnivista_4760_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC324952-754C-4952-9D3B-7A5E861B12FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:alcatel-lucent:omnivista_4760_server:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "50C55DF8-045D-4180-9C5D-7BD44D0319CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:alcatel-lucent:omnivista_4760_server:5.1.06.03.c:*:*:*:*:*:*:*", "matchCriteriaId": "D884D205-8D68-4FDE-A26C-F8F7C4607C55", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucent OmniVista 4760 server before R5.1.06.03.c_Patch3 allows remote attackers to execute arbitrary code or cause a denial of service (service crash) via a long request."}, {"lang": "es", "value": "Desbordamiento de pila en el servicio de proxy HTTP en el servidor Alcatel-Lucent OmniVista 4760 anterior a vR5.1.06.03.c_Patch3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda del servicio) a trav\u00e9s de una solicitud larga."}], "id": "CVE-2010-3281", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-23T19:00:14.433", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41508"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf"}, {"source": "cve@mitre.org", "url": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/513865"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/513866"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/43338"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2460"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2010002.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nruns.com/_downloads/nruns-SA-2010-002.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/513865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/513866"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/43338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61922"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}