发布时间 :2000-02-07 00:00:00
修订时间 :2008-09-10 15:03:06

[原文]The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.

[CNNVD]Novell GroupWise Web Access Enhancement Pack中Java服务器拒绝服务漏洞(CNNVD-200002-035)

        Novell GroupWise Web Access Enhancement Pack中Java服务器存在漏洞。远程攻击者借助超长服务程序 URL可以导致拒绝服务。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e

- 漏洞信息

Novell GroupWise Web Access Enhancement Pack中Java服务器拒绝服务漏洞
中危 未知
2000-02-07 00:00:00 2005-05-02 00:00:00
        Novell GroupWise Web Access Enhancement Pack中Java服务器存在漏洞。远程攻击者借助超长服务程序 URL可以导致拒绝服务。

- 公告与补丁


- 漏洞信息 (19744)

Novell Groupwise Enhancement Pack 5.5 Enhancement Pack DoS (EDBID:19744)
novell dos
2000-02-07 Verified
0 Adam Gray
N/A [点击下载]

By requesting a long URL from a Novell Groupwise 5.5 webserver with the Enhancement Pack installed, it is possible to cause the server to abend, the Java.nlm to take up all available CPU resource, or to stop the post office service. The server will need to be rebooted to restore normal operation.

http ://target/servlet/long string of 200+ characters 		

- 漏洞信息

Novell GroupWise Enhancement Pack Java Server URL Handling Overflow DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability Patch / RCS
Exploit Public Third-party Verified

- 漏洞描述

Novell GroupWise Web Access 5.5 Enhancement Pack contains a flaw that may allow a remote denial of service. The issue is triggered when a long URL is sent to the Java Servlet, and will cause the server to abend and CPU usage hit 100%.

- 时间线

2000-02-08 Unknow
2000-02-07 Unknow

- 解决方案

Apply Support Pack 1 for the GroupWise 5.5 Enhancement Pack from Novell Website. This is recommended in Novell Technical Information Document #2956064.

- 相关参考

- 漏洞作者