Test Kennung:	1.3.6.1.4.1.25623.1.0.12048
Kategorie:	Web Servers
Titel:	Netware Web Server Sample Page Source Disclosure
Zusammenfassung:	On a Netware Web Server, viewcode.jse allows the source code of web pages to; be viewed.
Beschreibung:	Summary: On a Netware Web Server, viewcode.jse allows the source code of web pages to be viewed. Vulnerability Insight: As an argument, a URL is passed to sewse.nlm. The URL can be altered and will permit files outside of the web root to be viewed. As a result, sensitive information could be obtained from the Netware server, such as the RCONSOLE password located in AUTOEXEC.NCF. Example: http://example.com//lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf Solution: Remove sample NLMs and default files from the web server. Also, ensure the RCONSOLE password is encrypted and utilize a password protected screensaver for console access. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	BugTraq ID: 3715 Common Vulnerability Exposure (CVE) ID: CVE-2001-1580 http://www.securityfocus.com/bid/3715 Bugtraq: 20011219 IRM Security Advisory 002: Netware Web Server Source Disclosure (Google Search) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0204.html Bugtraq: 20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure (Google Search) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0218.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0221.html XForce ISS Database: netware-webserver-directory-traversal(7726) https://exchange.xforce.ibmcloud.com/vulnerabilities/7726
Copyright	Copyright (C) 2002 David Kyger

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.