Novell GroupWise WebAccess Simple Interface Cross Site Scripting Vulnerability
BID:29922
Info
Novell GroupWise WebAccess Simple Interface Cross Site Scripting Vulnerability
| Bugtraq ID: | 29922 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3501 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 18 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | Novell |
| Vulnerable: |
Novell Groupwise 7.0 Novell Groupwise 7.0.0 SP3 Novell Groupwise 7.0.0 SP2 Novell Groupwise 7.0.0 SP1 |
| Not Vulnerable: | |
Discussion
Novell GroupWise WebAccess Simple Interface Cross Site Scripting Vulnerability
Novell GroupWise WebAccess is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
NOTE: This issue affects only the simple interface. The standard WebAccess UI is not affected.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The issue affects Novell GroupWise WebAccess 7.0.x.
Novell GroupWise WebAccess is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
NOTE: This issue affects only the simple interface. The standard WebAccess UI is not affected.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The issue affects Novell GroupWise WebAccess 7.0.x.
Exploit / POC
Novell GroupWise WebAccess Simple Interface Cross Site Scripting Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Novell GroupWise WebAccess Simple Interface Cross Site Scripting Vulnerability
Solution:
The vendor has released fixes. Please see the references for more information.
Novell Groupwise 7.0.0 SP2
Novell Groupwise 7.0.0 SP1
Novell Groupwise 7.0.0 SP3
Novell Groupwise 7.0
Solution:
The vendor has released fixes. Please see the references for more information.
Novell Groupwise 7.0.0 SP2
-
Novell GroupWise 7 SP3 Hot Patch 1 Full for Windows and NLM US and MULTI
http://download.novell.com/Download?buildid=LMBlxrbQc5U~ -
Novell GroupWise 7 SP3 Hot Patch 1 Linux Full US and MULTI
http://download.novell.com/Download?buildid=ey8-Qy-Vwio~
Novell Groupwise 7.0.0 SP1
-
Novell GroupWise 7 SP3 Hot Patch 1 Full for Windows and NLM US and MULTI
http://download.novell.com/Download?buildid=LMBlxrbQc5U~ -
Novell GroupWise 7 SP3 Hot Patch 1 Linux Full US and MULTI
http://download.novell.com/Download?buildid=ey8-Qy-Vwio~
Novell Groupwise 7.0.0 SP3
-
Novell GroupWise 7 SP3 Hot Patch 1 Full for Windows and NLM US and MULTI
http://download.novell.com/Download?buildid=LMBlxrbQc5U~ -
Novell GroupWise 7 SP3 Hot Patch 1 Linux Full US and MULTI
http://download.novell.com/Download?buildid=ey8-Qy-Vwio~
Novell Groupwise 7.0
-
Novell GroupWise 7 SP3 Hot Patch 1 Full for Windows and NLM US and MULTI
http://download.novell.com/Download?buildid=LMBlxrbQc5U~ -
Novell GroupWise 7 SP3 Hot Patch 1 Linux Full US and MULTI
http://download.novell.com/Download?buildid=ey8-Qy-Vwio~
References
Novell GroupWise WebAccess Simple Interface Cross Site Scripting Vulnerability
References:
References: