Discussion There is a DOS attack that can be run against Novell GroupWise Web Access 5.5 Enhancement Pack. The Java Server is possible to crash with a long character string sent to the servlet gateway using a web browser. This DOS can cause the Netscape web server to abend, the Java.nlm to take all of the processor utilization, or the post office can simple stop responding. This DOS attack will kill any active GroupWise based connections to the GroupWise server. The server typically requires a reboot to fix the problem. This bug has been confirmed by Novell with instruction from novacoast. Exploit http://servername/servlet/string of characters 200 or more> Solution GroupWise Enhancement Pack 5.5 Sp1 This patch is still in beta. It should be released in the next few weeks. It can be obtained by contacting Novell Technical Support Adam Gray Vice President Technology novacoast agrayat_private 805-568-0171
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:47 PDT