[13060] in bugtraq
Re: Groupewise Web Interface
daemon@ATHENA.MIT.EDU (Brian)
Wed Dec 22 15:48:27 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <3.0.1.32.19991221142151.00685bfc@umn.edu>
Date: Tue, 21 Dec 1999 14:21:51 -0600
Reply-To: Brian <eckma009@UMN.EDU>
From: Brian <eckma009@UMN.EDU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This vulnerability exists on the Enterprise Web Server.
Brian
>>> Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL> 12/20/99 02:29PM >>>
Hi!
> 1. The help argument in GWWEB.EXE reveal full web path on the server
> 2. anyone can read a .htm file on the system with the GWWEB.EXE and the HELP
> argument.
> This was tested on GroupWise 5.2 and 5.5 .
Why didnt you upgrade to the one wich was shipped on 5.5 ??
The Netscape Enterprise server ???
As far as i know the Novell webserver is no longer in development and the
new ones were builded under the 'Novonyx' flag.... Novell/Netscape.
Bye,
Raymond Dijkxhoorn
