| VID |
21468 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
The Novell GroupWise WebAccess is vulnerable to an information disclosure vulnerability. GroupWise is the commercial groupware package distributed and maintained by Novell. Novell GroupWise WebAccess could allow a remote attacker to obtain sensitive information such as the server name and installation path, by issuing a request the file /com/novell/webaccess/WebAccessUninstall.ini. This information may be used to launch further attacks against a vulnerable computer.
* Platforms Affected:
Novell, Inc., Novell GroupWise WebAccess Any version
Novell, Inc., Novell NetWare Any version
Microsoft Windows Any version
Novell NetWare Any version
Linux Any version |
| Recommendation |
No upgrade or patch available as of June 2014.
As a workaround, delete the file /com/novell/webaccess/WebAccessUninstall.ini |
| Related URL |
(CVE) |
| Related URL |
12194 (SecurityFocus) |
| Related URL |
(ISS) |
|
