Integer Overflow Vulnerability in Novell GroupWise Internet Agent
CVE-2012-0271

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 19 September 2012

Summary

An integer overflow in the WebConsole component of the GroupWise Internet Agent (gwia.exe) allows remote attackers to execute arbitrary code. This vulnerability is triggered when an attacker sends a specially crafted request, with an inappropriate value in the Content-Length HTTP header, leading to a heap-based buffer overflow. Affected versions of Novell GroupWise include those prior to 8.0.3 HP1 and 2012 SP1, making it crucial for users to apply the necessary updates to mitigate risks.

References

http://www.novell.com/support/kb/doc.php?id=7010769

x_refsource_CONFIRM

http://www.protekresearchlab.com/index.php?option=com_con...

x_refsource_MISC

https://bugzilla.novell.com/show_bug.cgi?id=746199

x_refsource_CONFIRM

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 19, 2012
Vulnerability Reserved
Dec 30, 2011