Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1005

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-1999-1005
Last Modified 09 Sep 2008 08:36:36
Published 19 Dec 1999 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-1999-1005

Summary

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

Vulnerable Systems

Application

  • Netscape Enterprise Server 3.0.7a

  • Novell Groupwise 5.2

  • Novell Groupwise 5.5


References

BID - 879

OSVDB - 3413

BUGTRAQ - 19991219 Groupewise Web Interface


Last Updated: 27 May 2016 10:35:14