Intrusion PreventionNovell.GroupWise.WebAccess.User.Interface.Path.Traversal
Description
This indicates an attack attempt against a Directory Traversal vulnerability in Novell GroupWise WebAccess.
The vulnerability is caused by a lack of sanitizing of the 'User.interface' parameter in the client request. It may allow remote attackers to open arbitrary file via sending a crafted http client request.
Affected Products
Novell GroupWise 8.0 Support Pack 2 0
Novell Groupwise 8.02 HP3
Novell Groupwise 8.02 HP2
Novell Groupwise 8.02 HP1
Novell Groupwise 8.02
Novell Groupwise 8.01x
Novell Groupwise 8.0 SP2
Novell Groupwise 8.0 SP1
Novell Groupwise 8.0 HP3
Novell Groupwise 8.0 HP2
Novell Groupwise 8.0 HP1
Novell Groupwise 8.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Refer to the vendor's web site for suggested workaround.
http://www.novell.com/support/kb/doc.php?id=7000708
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-07-25 | 28.833 |
Modified
|
Name:Novell. GroupWise. WebAccess. User. Interface. Directory. Traversal:Novell. GroupWise. WebAccess. User. Interface. Path. Traversal |
| 2023-08-09 | 25.618 |
Modified
|
Name:Novell. Groupwise. WebAccess. User. Interface. Directory. Traversal:Novell. GroupWise. WebAccess. User. Interface. Directory. Traversal |
| ID | 32923 |
| Created | Sep 05, 2012 |
| Updated | Jul 23, 2024 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 3.48% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Novell |
| Profile Type | Path Traversal |