Novell GroupWise WebAccess Potential Information Disclosure Vulnerability
BID:12194
Info
Novell GroupWise WebAccess Potential Information Disclosure Vulnerability
| Bugtraq ID: | 12194 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 07 2005 12:00AM |
| Updated: | Jan 07 2005 12:00AM |
| Credit: | Discovery is credited to <[email protected]>. |
| Vulnerable: |
Novell Groupwise 6.5 SP2 Novell Groupwise 6.5 SP1 Novell Groupwise 6.5 Novell Groupwise 6.0 SP4 Novell Groupwise 6.0 SP3 Novell Groupwise 6.0 SP2 Novell Groupwise 6.0 SP1 Novell Groupwise 6.0 Novell Groupwise 5.5 Novell Groupwise 5.2 |
| Not Vulnerable: | |
Discussion
Novell GroupWise WebAccess Potential Information Disclosure Vulnerability
GroupWise WebAccess component is reported prone to a potential information disclosure vulnerability. This issue may allow remote attackers to gather sensitive data that may be used to mount further attacks against a vulnerable computer.
It should be noted that this issue is not confirmed at the moment. Exploitation of this issue may require valid authentication credentials. Further details will be provided when more information becomes available.
All versions of GroupWise are considered to be vulnerable at the moment.
GroupWise WebAccess component is reported prone to a potential information disclosure vulnerability. This issue may allow remote attackers to gather sensitive data that may be used to mount further attacks against a vulnerable computer.
It should be noted that this issue is not confirmed at the moment. Exploitation of this issue may require valid authentication credentials. Further details will be provided when more information becomes available.
All versions of GroupWise are considered to be vulnerable at the moment.
Exploit / POC
Novell GroupWise WebAccess Potential Information Disclosure Vulnerability
An exploit is not required.
The following proof of concept is available:
hxxp://www.example.com/servlet/webacc?User.Lang=">
An exploit is not required.
The following proof of concept is available:
hxxp://www.example.com/servlet/webacc?User.Lang=">
Solution / Fix
Novell GroupWise WebAccess Potential Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Novell GroupWise WebAccess Potential Information Disclosure Vulnerability
References:
References:
- Novell GroupWise Homepage (Novell)