CVE-2012-0271
published 2012-09-19CVE-2012-0271: Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might…
PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
17.09%
96.7th percentile
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
\x47\x45\x54\x20\x2F\x20\x48\x54\x54\x50\x2F\x31\x2E\x30\x0D\x0A\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x4C\x65\x6E\x67\x74\x68\x3A\x20\x2D\x31\x0D\x0A
- →Detect HTTP requests to TCP port 9850 (GWIA WebConsole) containing a Content-Length header value of -1, which is the trigger for the integer overflow leading to heap-based buffer overflow. ↗
- →Monitor for anomalous or oversized HTTP requests to gwia.exe's WebConsole component (TCP/9850) with negative Content-Length values, indicative of exploitation attempts. ↗
- ·The GWIA WebConsole listens on TCP port 9850 by default; this port should not be exposed to untrusted networks. Exploitation requires network access to this port. ↗
- ·Affected versions are Novell GroupWise 8.0 before 8.0.3 HP1 and GroupWise 2012 before SP1; patched versions are not vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/85426http://www.novell.com/support/kb/doc.php?id=7010769http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61https://bugzilla.novell.com/show_bug.cgi?id=746199http://osvdb.org/85426http://www.novell.com/support/kb/doc.php?id=7010769http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61https://bugzilla.novell.com/show_bug.cgi?id=746199
2012-09-19
Published