Novell Groupwise任意文件取回漏洞

漏洞信息详情

Novell Groupwise任意文件取回漏洞

漏洞简介

Novell GroupWise 5.5和6.0版本存在目录遍历漏洞。远程攻击者借助包含\”../\” (点 点)序列和空字符的/servlet/webacc?User.html=的请求读取任意文件。

漏洞公告

A vendor supplied patch is available:
Novell Groupwise Enhancement Pack 5.5

Novell Groupwise 6.0

参考网址

来源:US-CERT Vulnerability Note: VU#341539
名称: VU#341539
链接:http://www.kb.cert.org/vuls/id/341539

来源: XF
名称: novell-groupwise-directory-traversal(7287)
链接:http://xforce.iss.net/xforce/xfdb/7287

来源: BID
名称: 3436
链接:http://www.securityfocus.com/bid/3436

来源: www.novell.com
链接:http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html

来源: www.foundstone.com
链接:http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12

来源: BUGTRAQ
名称: 20011015 Novell Groupwise arbitrary file retrieval vulnerability
链接:http://online.securityfocus.com/archive/1/220667

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享