| Field | Value |
|---|---|
| VID | 21291 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The WebAcc servlet in the Novell GroupWise server is vulnerable to directory traversal. Novell GroupWise is a cross-platform collaboration and messaging system. The `/servlet/webacc` servlet in Novell GroupWise versions 5.5 and 6 could allow a remote attacker to view the contents of arbitrary web server files, caused by improper validation of the user-supplied `User.html` parameter. To exploit this vulnerability, a remote attacker sends a `/servlet/webacc` request containing "dot dot" sequences (`/../`) and a known file name appended with a NULL byte character (`%00`), as in the following: `http://[targetserver]//servlet/webacc?User.html=../../../../../../../../../../boot.ini`. The server then returns the requested file to the attacker. |
| References | http://www.kb.cert.org/vuls/id/341539; http://www.foundstone.com/knowledge/randd-advisories-display.html?id=327; http://www.securiteam.com/securitynews/6S00N0K2UM.html |
| Platforms Affected | Novell GroupWise 5.5 Enhancement Pack; Novell GroupWise 6.0 |
| Recommendation | Apply the appropriate patch for this vulnerability, as listed in Novell Technical Information Document 2960443 at http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html |
| Related URL | CVE-2001-1458 (CVE) |
| Related URL | 3436 (SecurityFocus) |
| Related URL | 7287 (ISS) |