CVE-2010-4714: Buffer Overflow
First published: Mon Jan 31 2011(Updated: )
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus GroupWise | =7.0.4 | |
| Micro Focus GroupWise | =6.5-sp5 | |
| Micro Focus GroupWise | =6.0 | |
| Micro Focus GroupWise | =7.0 | |
| Micro Focus GroupWise | =7.0.1 | |
| Micro Focus GroupWise | =5.5 | |
| Micro Focus GroupWise | =7.0.2 | |
| Micro Focus GroupWise | =6.5.6 | |
| Micro Focus GroupWise | =6.5.3 | |
| Micro Focus GroupWise | <=8.0.2 | |
| Micro Focus GroupWise | =8.0.1 | |
| Micro Focus GroupWise | =8.0 | |
| Micro Focus GroupWise | =6.5-sp1 | |
| Micro Focus GroupWise | =5.2 | |
| Micro Focus GroupWise | =6.5.4 | |
| Micro Focus GroupWise | =6.0-sp1 | |
| Micro Focus GroupWise | =6.5-sp6 | |
| Micro Focus GroupWise | =6.5-sp4 | |
| Micro Focus GroupWise | =6.0-sp5 | |
| Micro Focus GroupWise | =4.1 | |
| Micro Focus GroupWise | =5.1 | |
| Micro Focus GroupWise | =6.5-sp3 | |
| Micro Focus GroupWise | =6.0.1-sp1 | |
| Micro Focus GroupWise | =7.0.3 | |
| Micro Focus GroupWise | =5.5 | |
| Micro Focus GroupWise | =6.5 | |
| Micro Focus GroupWise | =5.0 | |
| Micro Focus GroupWise | =4.1a | |
| Micro Focus GroupWise | =6.5.2 | |
| Micro Focus GroupWise | =6.5-sp2 | |
| Micro Focus GroupWise | =5.57e | |
| Micro Focus GroupWise | =6.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-4714?
CVE-2010-4714 is classified as having high severity due to its potential to allow remote code execution.
How do I fix CVE-2010-4714?
To fix CVE-2010-4714, ensure that you upgrade to GroupWise version 8.02HP or later.
Which software versions are affected by CVE-2010-4714?
CVE-2010-4714 affects multiple versions of Novell GroupWise, specifically versions prior to 8.02HP.
What kind of attack does CVE-2010-4714 facilitate?
CVE-2010-4714 facilitates remote code execution attacks via specially crafted HTTP Host headers.
What components of Novell GroupWise are impacted by CVE-2010-4714?
CVE-2010-4714 impacts several components, including gwpoa.exe, gwmta.exe, gwia.exe, and the WebAccess Agent.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/novell
- canonical/novell groupwise
- version/novell groupwise/7.0.4
- version/novell groupwise/6.5-sp5
- version/novell groupwise/6.0
- version/novell groupwise/7.0
- version/novell groupwise/7.0.1
- version/novell groupwise/5.5
- version/novell groupwise/7.0.2
- version/novell groupwise/6.5.6
- version/novell groupwise/6.5.3
- version/novell groupwise/8.0.2
- version/novell groupwise/8.0.1
- version/novell groupwise/8.0
- version/novell groupwise/6.5-sp1
- version/novell groupwise/5.2
- version/novell groupwise/6.5.4
- version/novell groupwise/6.0-sp1
- version/novell groupwise/6.5-sp6
- version/novell groupwise/6.5-sp4
- version/novell groupwise/6.0-sp5
- version/novell groupwise/4.1
- version/novell groupwise/5.1
- version/novell groupwise/6.5-sp3
- version/novell groupwise/6.0.1-sp1
- version/novell groupwise/7.0.3
- version/novell groupwise/6.5
- version/novell groupwise/5.0
- version/novell groupwise/4.1a
- version/novell groupwise/6.5.2
- version/novell groupwise/6.5-sp2
- version/novell groupwise/5.57e
- version/novell groupwise/6.5.7