Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability
The vulnerability is confirmed in version 8.0.2 HP3 and reported in version 2012. Other versions may also be affected.
A vulnerability was reported in Novell GroupWise Internet Agent
A remote user can send a specially crafted request with the HTTP 'Content-Length' header value of '-1' to the administration interface via TCP port 9850 to trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
A remote user can execute arbitrary code on the target system.
No solution was available at the time of this entry.