10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.351 Low
EPSS
Percentile
97.1%
Added: 04/20/2006
CVE: CVE-2006-0992
BID: 17503
OSVDB: 24617
Novell GroupWise includes the Messaging Agent which offers an HTTP service on port 8300/TCP.
A buffer overflow in the Messaging Agent allows remote attackers to execute commands by sending a long, specially crafted **Accept-Language**
header in an HTTP request.
Apply the fix referenced in Novell Technical Information Document 10100861.
<http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0264.html>
Exploit works on Novell GroupWise Messenger Server 2.0.
Windows