Novell GroupWise Enhancement Pack Java Server URL Handling Overflow DoS

Medium Nessus Plugin ID 10097


The remote server is vulnerable to a denial of service.


The remote web server can be crashed by an overly long request:
GET /servlet/AAAA...AAAA This attack is known to affect GroupWise servers.


If the server is a Groupwise server, then install GroupWise Enhancement Pack 5.5 Sp1.

Plugin Details

Severity: Medium

ID: 10097

File Name: groupwise_overflow.nasl

Version: $Revision: 1.25 $

Type: remote

Family: Web Servers

Published: 2000/02/08

Modified: 2012/06/28

Dependencies: 10320, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:C

Vulnerability Information

Excluded KB Items: www/too_long_url_crash

Vulnerability Publication Date: 2000/02/08

Reference Information

CVE: CVE-2000-0146

BID: 972

OSVDB: 4997