Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0992

4 documents4 sources

Severity

10.0CRITICAL

EPSS

88.8%

top 0.48%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Groupwise Messenger

Timeline

PublishedApr 14

Latest updateMay 1

Description

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/groupwise_messenger2.0

Patches

Patch: support.novell.com ↗Patch: www.securityfocus.com ↗Patch: www.zerodayinitiative.com ↗

🔴Vulnerability Details

GHSA

GHSA-cgqf-hpv9-9g6m: Stack-based buffer overflow in Novell GroupWise Messenger before 2↗2022-05-01

▶

CVEList

CVE-2006-0992: Stack-based buffer overflow in Novell GroupWise Messenger before 2↗2006-04-14

▶

💥Exploits & PoCs

Exploit-DB

Novell Messenger Server 2.0 - Accept-Language Overflow (Metasploit)↗2010-09-20

▶