| VID |
21290 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
GWWEB.EXE in the Novell GroupWise is vulnerable to an information disclosure vulnerability.
Novell GroupWise is an email, calendaring and collaborative application available from Novell. It is designed for use on the Microsoft Windows and Novell Netware platforms, and includes a web access component for use through a web browser. GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, could allow a remote attacker to determine the full pathname of the web server via an HTTP request with an invalid HTMLVER parameter. And also by modifying the GroupWise Web Interface HTMLVER URL request, it could allow the attacker to read local files from its hard disk.
* References:
http://marc.theaimsgroup.com/?l=bugtraq&m=101494830315071&w=2
http://www.securityoffice.net/articles/groupwise/
* Platforms Affected:
Novell GroupWise 5.5
Novell NetWare Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to version 6.0 or later of Novell GroupWise. |
| Related URL |
CVE-2002-0341 (CVE) |
| Related URL |
4206 (SecurityFocus) |
| Related URL |
8311 (ISS) |
|
