VID 22120
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The HELP function in Novell GroupWise GWWEB.EXE has multiple vulnerabilities.
Novell GroupWise is a directory service available from Novell, and it is designed for use on the Microsoft Windows platforms. Reportedly, the following vulnerabilities are present in the GroupWise Web Interface:

1. The HELP argument in GWWEB.EXE can be used to reveal the full web path on the server.
2. Anyone can read an .htm file on the system with the GWWEB.EXE and the HELP argument.

Example:
1. When http://server/cgi-bin/GW5/GWWEB.EXE?HELP=bad-request is requested, the server will reply:
Could not find file SYS:WEB\CGI-BIN\GW5\US\HTML3\HELP\BAD-REQUEST.HTM

2. To read .htm files anywhere on the server, or to browse directories, use HELP and the ../ string to traverse directories:
http://server/cgi-bin/GW5/GWWEB.EXE?HELP=../../../secret.htm

Vulnerable systems:
GroupWise 5.2
GroupWise 5.5

* References:
http://online.securityfocus.com/bid/879
http://www.securiteam.com/exploits/3I5QDQ0QAG.html
Recommendation Upgrade to the latest version (GroupWise 6) of GroupWise.
See http://www.novell.com/products/groupwise/
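
Until the upgrade is in place, web server access logs can be reviewed for requests that use the HELP argument in the two ways described above. The following Python check is an added example, not part of the original advisory or of any Novell tool; it assumes Common Log Format access logs, and the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def help_value(url):
    """Return the decoded HELP argument if the request targets GWWEB.EXE, else None."""
    parts = urlsplit(url)
    if not parts.path.upper().endswith("/GWWEB.EXE"):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.upper() == "HELP":
            # Normalize nested percent-encoding before matching (bounded loop).
            for _ in range(3):
                decoded = unquote(value)
                if decoded == value:
                    break
                value = decoded
            return value
    return None

def classify(line):
    """Classify one access-log line as 'traversal', 'help-probe' or None."""
    m = REQUEST_RE.search(line)
    value = help_value(m.group(1)) if m else None
    if value is None:
        return None
    # A ../ or ..\ path segment in HELP matches the traversal in item 2.
    if re.search(r'(^|[\\/])\.\.([\\/]|$)', value):
        return "traversal"
    # Other HELP values are normal help pages or path-disclosure probes (item 1).
    return "help-probe"

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cgi-bin/GW5/GWWEB.EXE?HELP=bad-request HTTP/1.0" 200 87',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /cgi-bin/GW5/GWWEB.EXE?HELP=../../../secret.htm HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2000:10:00:09 +0000] "GET /cgi-bin/GW5/GWWEB.EXE?HELP=..%2F..%2Fsecret.htm HTTP/1.0" 200 512',
    '192.0.2.13 - - [01/Jan/2000:10:00:12 +0000] "GET /index.htm HTTP/1.0" 200 1024',
]

def scan(lines):
    """Return (classification, line) pairs for every flagged line."""
    return [(c, l) for l in lines if (c := classify(l))]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(verdict, line)
```

Lines classified as "traversal" warrant immediate review; "help-probe" lines need comparison against the help page names the installation actually ships.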
Related URL CVE-1999-1005 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)