漏洞信息详情
Novell Groupwise任意文件取回漏洞
- CNNVD编号:CNNVD-200110-049
- 危害等级: 低危
- CVE编号: CVE-2001-1458
- 漏洞类型: 路径遍历
- 发布时间: 2001-10-15
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: novell
- 漏洞来源: This vulnerability...
漏洞简介
Novell GroupWise 5.5和6.0版本存在目录遍历漏洞。远程攻击者借助包含\"../\" (点 点)序列和空字符的/servlet/webacc?User.HTML=的请求读取任意文件。
漏洞公告
A vendor supplied patch is available: Novell Groupwise Enhancement Pack 5.5
- Novell Novell Groupwise WebAccess fix 5.5 & 6.0Novell has released a self extracting file with a replacement JAR file containing a new WebAccess servlet. http://support.novell.com/servlet/tidfinder/2960443
- Novell Novell Groupwise WebAccess fix 5.5 & 6.0Novell has released a self extracting file with a replacement JAR file containing a new WebAccess servlet. http://support.novell.com/servlet/tidfinder/2960443
参考网址
来源:US-CERT Vulnerability Note: VU#341539 名称: VU#341539 链接:http://www.kb.cert.org/vuls/id/341539 来源: XF 名称: novell-groupwise-directory-traversal(7287) 链接:http://xforce.iss.net/xforce/xfdb/7287 来源: BID 名称: 3436 链接:http://www.securityfocus.com/bid/3436 来源: www.novell.com 链接:http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.HTML 来源: www.foundstone.com 链接:http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12 来源: BUGTRAQ 名称: 20011015 Novell Groupwise arbitrary file retrieval vulnerability 链接:http://online.securityfocus.com/archive/1/220667
受影响实体
- Novell Groupwise:6.0
- Novell Groupwise:5.5:Enhancement_pack
- Novell Groupwise:5.5
补丁
暂无
评论