Lucene search

[email protected]CVE-2006-0992

HistoryApr 14, 2006 - 10:02 a.m.

CVE-2006-0992

2006-04-1410:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0992

buffer overflow

novell groupwise messenger

remote code execution

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.351 Low

EPSS

Percentile

97.1%

JSON

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.

CPENameOperatorVersion
novell:groupwise_messengernovell groupwise messengereq2.0

CPE	Name	Operator	Version
novell:groupwise_messenger	novell groupwise messenger	eq	2.0

References

cirt.dk/advisories/cirt-42-advisory.txt

metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html

secunia.com/advisories/19663

securitytracker.com/id?1015911

support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm

www.osvdb.org/24617

www.securityfocus.com/archive/1/430911/100/0/threaded

www.securityfocus.com/bid/17503

www.vupen.com/english/advisories/2006/1355

www.zerodayinitiative.com/advisories/ZDI-06-008.html

exchange.xforce.ibmcloud.com/vulnerabilities/25828

www.exploit-db.com/exploits/1679

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.351 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2006-0992

prion1 cve1 packetstorm1 saint4 nessus1 canvas1 checkpoint_advisories1 zdi1 securityvulns1