Lucene search

HistoryOct 02, 2012 - 12:00 a.m.

Novell GroupWise Internet Agent Request Content-Length Header Parsing Remote Overflow

2012-10-0200:00:00

www.tenable.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

The version of Novell GroupWise Internet Agent hosted on the remote host is affected by a buffer overflow vulnerability due to the way the application handles the Content-Length HTTP header when it contains the value -1. By exploiting this flaw, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.

Note that this version of GroupWise Internet Agent likely has other vulnerabilities (i.e., CVE-2012-0419), but Nessus has not checked for those issues.

Binary data groupwise_ia_cve-2012-0271.nbin

VendorProductVersionCPE
novellgroupwisecpe:/a:novell:groupwise

Vendor	Product	Version	CPE
novell	groupwise		cpe:/a:novell:groupwise

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0271

www.nessus.org/u?741a53d4

support.microfocus.com/kb/doc.php?id=7010769

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

Related for GROUPWISE_IA_CVE-2012-0271.NBIN