Vulnerability Note VU#796956

Novell GroupWise Messenger fails to properly handle HTTP POST requests.

Overview

Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may allow a remote attacker to cause a denial of service condition.

I. Description

Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may be triggered by sending a specially crafted HTTP POST request with a modified 'val' parameter to the server on port 8300/tcp.

II. Impact

This vulnerability may allow a remote attacker to cause a denial of service condition.

III. Solution

Apply an Update

Novell has released updates for GroupWise Messenger versions 1.0.6 and 2.02.

Systems Affected

Vendor	Status	Date Updated
Novell, Inc.	Vulnerable	26-Oct-2006

References

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974452.htm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974440.htm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=416
http://secunia.com/advisories/22244/

Credit

This vulnerability was reported by iDefense Labs. iDefense credits CIRT.DK for discovering this vulnerability.

This document was written by Katie Steiner.

Other Information

Date Public	10/03/2006
Date First Published	10/26/2006 02:09:45 PM
Date Last Updated	10/26/2006
CERT Advisory
CVE-ID(s)	CVE-2006-4511
NVD-ID(s)	CVE-2006-4511
US-CERT Technical Alerts
Metric	5.34
Document Revision	8

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader