漏洞信息详情
Novell Groupwise任意文件取回漏洞
- CNNVD编号:CNNVD-200110-049
- 危害等级: 中危
- CVE编号:
CVE-2001-1458
- 漏洞类型:
路径遍历
- 发布时间:
2001-10-15
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
novell - 漏洞来源:
This vulnerability… -
漏洞简介
Novell GroupWise 5.5和6.0版本存在目录遍历漏洞。远程攻击者借助包含\”../\” (点 点)序列和空字符的/servlet/webacc?User.html=的请求读取任意文件。
漏洞公告
A vendor supplied patch is available:
Novell Groupwise Enhancement Pack 5.5
-
Novell Novell Groupwise WebAccess fix 5.5 & 6.0Novell has released a self extracting file with a replacement JAR file containing a new WebAccess servlet.
http://support.novell.com/servlet/tidfinder/2960443
Novell Groupwise 6.0
-
Novell Novell Groupwise WebAccess fix 5.5 & 6.0Novell has released a self extracting file with a replacement JAR file containing a new WebAccess servlet.
http://support.novell.com/servlet/tidfinder/2960443
参考网址
来源:US-CERT Vulnerability Note: VU#341539
名称: VU#341539
链接:http://www.kb.cert.org/vuls/id/341539
来源: XF
名称: novell-groupwise-directory-traversal(7287)
链接:http://xforce.iss.net/xforce/xfdb/7287
来源: BID
名称: 3436
链接:http://www.securityfocus.com/bid/3436
来源: www.novell.com
链接:http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html
来源: www.foundstone.com
链接:http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12
来源: BUGTRAQ
名称: 20011015 Novell Groupwise arbitrary file retrieval vulnerability
链接:http://online.securityfocus.com/archive/1/220667