CVE-2012-0271

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/85426
http://www.novell.com/support/kb/doc.php?id=7010769	Vendor Advisory
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61	Exploit
https://bugzilla.novell.com/show_bug.cgi?id=746199
http://osvdb.org/85426
http://www.novell.com/support/kb/doc.php?id=7010769	Vendor Advisory
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61	Exploit
https://bugzilla.novell.com/show_bug.cgi?id=746199

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:groupwise:8.0:::::::*
	cpe:2.3:a:novell:groupwise:8.01:::::::*
	cpe:2.3:a:novell:groupwise:8.01:hp::::::
	cpe:2.3:a:novell:groupwise:8.02:::::::*
	cpe:2.3:a:novell:groupwise:8.02:hp1::::::
	cpe:2.3:a:novell:groupwise:8.02:hp2::::::
	cpe:2.3:a:novell:groupwise:8.02:hp3::::::
	cpe:2.3:a:novell:groupwise:8.03:::::::*

Configuration 2 (hide)

cpe:2.3:a:novell:groupwise:2012:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:novell:groupwise:5.2:::::::*
	cpe:2.3:a:novell:groupwise:5.5:::::::*
	cpe:2.3:a:novell:groupwise:5.57e:::::::*
	cpe:2.3:a:novell:groupwise:6.0:::::::*
	cpe:2.3:a:novell:groupwise:6.0.1:sp1::::::
	cpe:2.3:a:novell:groupwise:6.5:::::::*
	cpe:2.3:a:novell:groupwise:6.5:sp1::::::
	cpe:2.3:a:novell:groupwise:6.5:sp2::::::
	cpe:2.3:a:novell:groupwise:6.5:sp3::::::
	cpe:2.3:a:novell:groupwise:6.5:sp4::::::
	cpe:2.3:a:novell:groupwise:6.5:sp5::::::
	cpe:2.3:a:novell:groupwise:6.5:sp6::::::
	cpe:2.3:a:novell:groupwise:6.5.2:::::::*
	cpe:2.3:a:novell:groupwise:6.5.3:::::::*
	cpe:2.3:a:novell:groupwise:6.5.4:::::::*
	cpe:2.3:a:novell:groupwise:6.5.6:::::::*
	cpe:2.3:a:novell:groupwise:6.5.7:::::::*
	cpe:2.3:a:novell:groupwise:7.0:::::::*
	cpe:2.3:a:novell:groupwise:7.0.3:hp4::::::
	cpe:2.3:a:novell:groupwise:7.0.3:hp5::::::
	cpe:2.3:a:novell:groupwise:7.0.4:::::::*
	cpe:2.3:a:novell:groupwise:7.0.4:ftf::::::
	cpe:2.3:a:novell:groupwise:7.01:::::::*
	cpe:2.3:a:novell:groupwise:7.01:ir1::::::
	cpe:2.3:a:novell:groupwise:7.02:::::::*
	cpe:2.3:a:novell:groupwise:7.02:hp1::::::
	cpe:2.3:a:novell:groupwise:7.02:hp1a::::::
	cpe:2.3:a:novell:groupwise:7.02:hp2::::::
	cpe:2.3:a:novell:groupwise:7.02:hp2r1::::::
	cpe:2.3:a:novell:groupwise:7.03:::::::*
	cpe:2.3:a:novell:groupwise:7.03:hp::::::
	cpe:2.3:a:novell:groupwise:7.03:hp2::::::
	cpe:2.3:a:novell:groupwise:7.03:hp3::::::
	cpe:2.3:a:novell:groupwise:7.03:hp3\+ftf::::::

History

21 Nov 2024, 01:34

Type	Values Removed	Values Added
References	~~() http://osvdb.org/85426 -~~	() http://osvdb.org/85426 -
References	~~() http://www.novell.com/support/kb/doc.php?id=7010769 - Vendor Advisory~~	() http://www.novell.com/support/kb/doc.php?id=7010769 - Vendor Advisory
References	~~() http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61 - Exploit~~	() http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61 - Exploit
References	~~() https://bugzilla.novell.com/show_bug.cgi?id=746199 -~~	() https://bugzilla.novell.com/show_bug.cgi?id=746199 -

Information

Published : 2012-09-19 10:57

Updated : 2024-11-21 01:34

NVD link : CVE-2012-0271

Mitre link : CVE-2012-0271

CVE.ORG link : CVE-2012-0271

JSON object : View

Products Affected

novell

groupwise

CWE

CWE-189

Numeric Errors

10.0 /10