By requesting a long URL from a Novell Groupwise 5.5 webserver with the Enhancement Pack installed, it is possible to cause the server to abend, the Java.nlm to take up all available CPU resource, or to stop the post office service. The server will need to be rebooted to restore normal operation.
http ://target/servlet/long string of 200+ characters
Novell GroupWise Enhancement Pack Java Server URL Handling Overflow DoS
Remote / Network Access
Denial of Service,
Loss of Integrity,
Loss of Availability
Patch / RCS
Novell GroupWise Web Access 5.5 Enhancement Pack contains a flaw that may allow a remote denial of service. The issue is triggered when a long URL is sent to the Java Servlet, and will cause the server to abend and CPU usage hit 100%.
Apply Support Pack 1 for the GroupWise 5.5 Enhancement Pack from Novell Website. This is recommended in Novell Technical Information Document #2956064.