| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.1 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Novell iManager 1.5/2.0/2.0.2/2.5. Affected by this vulnerability is an unknown functionality. The manipulation of the argument TREE results in resource management. This vulnerability is identified as CVE-2006-4517. There is not any exploit available.
Details
A vulnerability classified as critical has been found in Novell iManager 1.5/2.0/2.0.2/2.5. Affected is an unknown code block. The manipulation of the argument TREE with an unknown input leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. CVE summarizes:
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.
The weakness was released 11/01/2006 by CIRT with CIRT.DK (Website). The advisory is available at labs.idefense.com. This vulnerability is traded as CVE-2006-4517 since 08/31/2006. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are known, but there is no available exploit.
It is declared as proof-of-concept. The commercial vulnerability scanner Qualys is able to test this issue with plugin 12321 (Novell iManager Causes Denial of Service in Tomcat Server (3885713)).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 9045.
The vulnerability is also documented in the databases at X-Force (29961), SecurityFocus (BID 20841†), Secunia (SA22657†), SecurityTracker (ID 1017139†) and Vulnerability Center (SBV-24461†). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.novell.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.1
VulDB Base Score: 7.5
VulDB Temp Score: 7.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
TippingPoint: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
08/31/2006 🔍10/31/2006 🔍
10/31/2006 🔍
11/01/2006 🔍
11/01/2006 🔍
11/01/2006 🔍
11/01/2006 🔍
12/23/2009 🔍
03/12/2015 🔍
04/26/2026 🔍
Sources
Vendor: novell.comAdvisory: labs.idefense.com⛔
Researcher: CIRT
Organization: CIRT.DK
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2006-4517 (🔍)
GCVE (CVE): GCVE-0-2006-4517
GCVE (VulDB): GCVE-100-33066
X-Force: 29961
SecurityFocus: 20841 - Novell IManager Tomcat Denial of Service Vulnerability
Secunia: 22657 - Novell iManager Tomcat Denial Of Service Vulnerability, Moderately Critical
SecurityTracker: 1017139 - Novell iManager TREE Parameter NULL Pointer Dereference Lets Remote Users Deny Service
Vulnerability Center: 24461 - Novell iManager \x3C\x3D 2.5 Tomcat Server Remote DoS Vulnerability via HTTP POST Long TREE Parameter, High
Vupen: ADV-2006-4292
Entry
Created: 03/12/2015 22:21Updated: 04/26/2026 01:34
Changes: 03/12/2015 22:21 (55), 02/19/2017 09:33 (20), 06/16/2025 04:11 (18), 04/26/2026 01:34 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.

No comments yet. Languages: en.
Please log in to comment.