Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0296

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0296
Last Modified 05 Sep 2008 04:45:53
Published 17 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0296

Summary

** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue.

Vulnerable Systems

Application

  • Novell Groupwise 6.0

  • Novell Groupwise 6.5

  • Novell Groupwise Webaccess 6.0

  • Novell Groupwise Webaccess 6.5


References

XF - groupwise-error-auth-bypass(18954)

BID - 12285

BUGTRAQ - 20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)

FULLDISC - 20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)

MISC - http://support.novell.com/servlet/tidfinder/10096251

BUGTRAQ - 20050117 Novell GroupWise WebAccess error modules loading

OSVDB - 13135


Last Updated: 27 May 2016 10:39:44