Plugin ID | 347 |
Plugin name | Novell GroupWise WebAccess prior 6.5.3 about html injection |
Plugin filename | Novell GroupWise WebAccess prior 6.5.3 about html injection.plugin |
Plugin filesize | 2984 bytes |
Plugin family | CGI |
Plugin created name | Marc Ruef |
Plugin created email | marc.ruef at computec.ch |
Plugin created web | http://www.computec.ch |
Plugin created company | computec.ch |
Plugin created date | 2004/12/09 |
Plugin version | 1.0 |
Plugin protocol | tcp |
Plugin port | 80 |
Plugin procedure exploit | open|send GET /servlet/webacc?error=about HTTP/1.0\n\n|close|pattern_exists HTTP/#.# ### *Program Release* |
Plugin exploit accuracy | 99 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug published name | Marc Ruef |
Bug published email | marc.ruef at computec.ch |
Bug published web | http://www.computec.ch |
Bug published company | computec.ch |
Bug published date | 2004/12/09 |
Bug produced name | Novell |
Bug produced email | info at novell.com |
Bug produced web | http://www.novell.com |
Bug affected | Novell GroupWise WebAccess prior 6.5.3 |
Bug not affected | Novell GroupWise WebAccess newer than 6.5.3 or other products |
Bug vulnerability class | Weak Authentication |
Bug false positives | These depends how Novell will fix this flaw. |
Bug description | It is possible to circumvent the login procedure. It is possible to specify the about template as error document with the $QUERY_STRING variant error. So it is possible to get the version of the installed GroupWise framework. This information may be useful to launch further attacks. |
Bug solution | The flaws may be patched with an upcoming bugfix or a new software release. As a workaround you should deny untrusted incoming connections to your WebAccess thru firewalling. |
Bug fixing time | Approx. 30 minutes |
Bug exploit availability | Yes |
Bug exploit url | https://www.computec.ch/servlet/webacc?error=about |
Bug remote | Yes |
Bug local | Yes |
Bug severity | High |
Bug popularity | 6 |
Bug simplicity | 8 |
Bug impact | 7 |
Bug risk | 7 |
Source scipID | 1021 |
Source Literature | Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X |
Source Misc. | http://developer.novell.com/ndk/doc/gwwbacc/index.html?page=/ndk/doc/gwwbacc/gwwebacc/data/a6l4t54.html |