Description
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Francis Provencher · textdoswindows
https://www.exploit-db.com/exploits/21326
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7010769
Exploit x_refsource_misc
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=746199
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/85426
Scores
EPSS
0.3326
EPSS Percentile
96.9%
Details
CWE
CWE-189
Status
published
Products (22)
novell/groupwise
8.0
novell/groupwise
8.01 (2 CPE variants)
novell/groupwise
8.02 (4 CPE variants)
novell/groupwise
8.03
novell/groupwise
2012
novell/groupwise
5.2
novell/groupwise
5.5
novell/groupwise
5.57e
novell/groupwise
6.0
novell/groupwise
6.0.1 sp1
... and 12 more
Published
Sep 19, 2012
Tracked Since
Feb 18, 2026