Check Point Advisories

Preemptive Protection against Novell GroupWise Agents HTTP Request Remote Code Execution

Check Point Reference: CPAI-2010-158
Date Published: 30 Nov 2010
Severity: Critical
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory SA40820
Protection Provided by:
Who is Vulnerable? Novell GroupWise 8 prior to 8.02HP
Vulnerability Description
A code execution vulnerability exists in the GroupWise agents HTTP interfaces. The vulnerability is due to insufficient bounds checking while parsing the Host header from an HTTP GET request. A remote attacker could exploit this vulnerability by sending a crafted HTTP request to the server. Successful exploitation could result in remote code execution. 
Update/Patch AvaliableNovell has released an advsiory to address this vulnerability. 
Vulnerability DetailsThe vulnerability is due to insufficient bounds checking while parsing the Host header from an HTTP GET request. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system. 

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK