Vulnerability Note VU#796956

Novell GroupWise Messenger fails to properly handle HTTP POST requests.

Original Release date: 26 Oct 2006 | Last revised: 26 Oct 2006

Overview

Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may allow a remote attacker to cause a denial of service condition.

Description

Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may be triggered by sending a specially crafted HTTP POST request with a modified 'val' parameter to the server on port 8300/tcp.

Impact

This vulnerability may allow a remote attacker to cause a denial of service condition.

Solution

Apply an Update

Novell has released updates for GroupWise Messenger versions 1.0.6 and 2.02.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Novell, Inc.Affected-26 Oct 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was reported by iDefense Labs. iDefense credits CIRT.DK for discovering this vulnerability.

This document was written by Katie Steiner.

Other Information

  • CVE IDs: CVE-2006-4511
  • Date Public: 03 Oct 2006
  • Date First Published: 26 Oct 2006
  • Date Last Updated: 26 Oct 2006
  • Severity Metric: 5.34
  • Document Revision: 8

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.