CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.3%
Added: 04/25/2007
CVE: CVE-2007-2171
BID: 23556
OSVDB: 35018
Novell GroupWise includes a WebAccess service which allows users to access their e-mail using a web browser.
A buffer overflow in the base64_decode function allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic Authentication request.
Upgrade to Groupwise 7.0 SP2 for Windows or Linux.
<http://www.zerodayinitiative.com/advisories/ZDI-07-015.html>
Exploit works on Novell GroupWise 7.0.
Windows