Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0271

CWE-1894 documents4 sources
Severity
10.0CRITICAL
EPSS
33.3%
top 3.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Groupwise
Timeline
PublishedSep 19
Latest updateMay 4

Description

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDnovell/groupwise22 versions+21

🔴Vulnerability Details

2
GHSA
GHSA-cp78-vqpq-rwqw: Integer overflow in the WebConsole component in gwia2022-05-04
CVEList
CVE-2012-0271: Integer overflow in the WebConsole component in gwia2012-09-19

💥Exploits & PoCs

1
Exploit-DB
Novell Groupwise 8.0.2 HP3 and 2012 - Integer Overflow2012-09-17
CVE-2012-0271 (CRITICAL CVSS 10) | Integer overflow in the WebConsole | cvebase.io