Response to reported security vulnerability SecurityFocus Bugtraq ID: 28944

  • 7000317
  • 04-May-2008
  • 26-Apr-2012

Environment

GroupWise 7.0

Situation

On 28 April, 2008, a possible security vulnerability (Bugtraq ID: 28944) was reported to the SecurityFocus web site entitled "Novell GroupWise HTML Injection and Denial of Service Vulnerabilities". The web site originally listed GroupWise 7.0 and GroupWise 7 SP1, SP2, and SP3 as being affected by the issue.

Resolution

Novell has tested the problem with GroupWise 7 Support Pack 3, and were not able to duplicate the problem using the information provided by the reporter. In addition, Novell has communicated directly with the reporter, who indicates that he was only able to duplicate the problem on shipping (unpatched) GroupWise 7.0 and did not see the problem after updating to GroupWise 7 Support Pack 1 (SP1).

To resolve this issue, customers running unpatched GroupWise 7.0 should update to at least GroupWise 7 Support Pack 1 (SP1). For the most current security updates and bug fixes, Novell recommends that customers apply GroupWise 7 Support Pack 3 (SP3).

Status

Security Alert