Novell Groupwise WebAccess 'User.interface' Parameter Directory Traversal Vulnerability Network Vulnerability

Summary

Groupwise is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to retrieve arbitrary files in the context of the application. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Groupwise versions 8.0x through 8.02 HP3 are affected.

Solution

Vendor updates are available. Please see the references for more information.

References

http://www.novell.com/groupwise/
http://www.securityfocus.com/bid/54253

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0410

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apple Safari Multiple Vulnerabilities
Apache CouchDB Cross Site Request Forgery Vulnerability
/doc directory browsable ?
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability

Take action and discover your vulnerabilities