Summary
The Apache Tomcat server distributed with NetWare 6.0 has a directory traversal vulnerability. As a result, sensitive information could be obtained from the NetWare server, such as the RCONSOLE password located in AUTOEXEC.NCF.
Example: http://target/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf
Solution
Remove default files from the web server. Also, ensure the RCONSOLE password is encrypted and use a password-protected screensaver for console access.
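Until the default files are removed, web server access logs can be reviewed for the request pattern shown in the example above. The following Python is an added example, not part of the original advisory: it assumes Common Log Format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: access logs are in Common Log Format, with the request line in quotes.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by "/" or "\" (or by the ends of the string).
DOTDOT_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_source_jsp_traversal(target):
    """True if the request target is source.jsp with '..' segments in its query."""
    path, _, query = target.partition("?")
    if not fully_decode(path).lower().endswith("/source.jsp"):
        return False
    return bool(DOTDOT_RE.search(fully_decode(query)))

def suspicious_lines(log_lines):
    """Return the log lines whose request matches the traversal pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_source_jsp_traversal(m.group(1)):
            hits.append(line)
    return hits

# Constructed sample log lines (documentation IP addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2003:10:01:00 +0000] "GET /examples/jsp/source.jsp?/jsp/num/numguess.jsp HTTP/1.0" 200 2048',
    '192.0.2.12 - - [01/Jan/2003:10:02:00 +0000] "GET /examples/jsp/source.jsp?%252e%252e/%252e%252e/system/autoexec.ncf HTTP/1.0" 404 0',
    '192.0.2.13 - - [01/Jan/2003:10:03:00 +0000] "GET /index.html?ref=a..b HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status on a path ending in a system file such as autoexec.ncf means the file contents were likely served, so the RCONSOLE password should be treated as exposed.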
Severity
Classification
CVE: CVE-2000-1210
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N