This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Windows host has an application that is susceptible to a
denial of service attack.
The version of Novell GroupWise Internet Agent running on the remote
host is 8.x earlier than 8.0.3 or 12.x earlier than 12.0.1. It
therefore is potentially affected by multiple vulnerabilities :
- A denial of service vulnerability exists due to the way
that the application parses date information within a
received iCalendar message. A remote attacker could
exploit this flaw to crash the affected service.
- An unspecified integer overflow vulnerability exists
that could lead to code execution. (CVE-2012-0417)
- An arbitrary file retrieval vulnerability exists due to
a failure to properly filter certain crafted directory
traversal sequences in the HTTP interface.
See also :
Update GWIA to version 8.0.3, 12.0.1, or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.9
Public Exploit Available : true