CVE-2005-0296

Severity

50%

Complexity

99%

Confidentiality

48%

** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue.

** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Novell

First reported 20 years ago

2005-01-17 05:00:00

Last updated 7 years ago

2017-07-11 01:32:00

Affected Software

Novell Groupwise 6.0

6.0

Novell Groupwise 6.5

6.5

Novell Groupwise 6.5 SP1

6.5

Novell Groupwise 6.5 SP2

6.5

Novell GroupWise WebAccess 6.5

6.5

References

20050117 Novell GroupWise WebAccess error modules loading

http://support.novell.com/servlet/tidfinder/10096251

Vendor Advisory

20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)

Vendor Advisory

20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)

Vendor Advisory

13135

12285

Vendor Advisory

groupwise-error-auth-bypass(18954)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.