CVE Details for CVE: CVE-2001-1458
Summary
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:29 |
| Published | 15-10-2001 - 04:00 |
| Last modified | 11-07-2017 - 01:29 |
References
- http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12
- http://support.novell.com/servlet/tidfinder/2960443
- http://www.kb.cert.org/vuls/id/341539
- http://www.securityfocus.com/bid/3436
- http://online.securityfocus.com/archive/1/220667
- http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7287
Vulnerable Configurations
CWE
CVSS
Base
5.0
Impact
2.9
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| PARTIAL | NONE | NONE |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| bid | 3436 |
| bugtraq | 20011015 Novell Groupwise arbitrary file retrieval vulnerability |
| cert-vn | VU#341539 |
| confirm | |
| misc | http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12 |
| xf | novell-groupwise-directory-traversal(7287) |