Novell GroupWise Internet Agent 8.x < 8.0.3 / 12.x < 12.0.1 Multiple Vulnerabilities

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has an application that is susceptible to a
denial of service attack.

Description :

The version of Novell GroupWise Internet Agent running on the remote
host is 8.x earlier than 8.0.3 or 12.x earlier than 12.0.1. It
therefore is potentially affected by multiple vulnerabilities :

- A denial of service vulnerability exists due to the way
that the application parses date information within a
received iCalendar message. A remote attacker could
exploit this flaw to crash the affected service.

- An unspecified integer overflow vulnerability exists
that could lead to code execution. (CVE-2012-0417)

- An arbitrary file retrieval vulnerability exists due to
a failure to properly filter certain crafted directory
traversal sequences in the HTTP interface.

See also :

Solution :

Update GWIA to version 8.0.3, 12.0.1, or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.9
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 62284 ()

Bugtraq ID: 55574

CVE ID: CVE-2011-3827

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now