Novell Netbasic Scripting Server Directory Traversal Network Vulnerability

Summary

Novell Netbasic Scripting Server Directory Traversal It is possible to escape out of the root directory of the scripting server by substituting a forward or backward slash for %5C. As a result, system information, such as environment and user information, could be obtained from the Netware server. Example: http://server/nsn/..%5Cutil/userlist.bas

Solution

Apply the relevant patch and remove all default files from their respective directories.

Severity

Classification

CVE CVE-2002-1417

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Netware Web Server Sample Page Source Disclosure
Novell Netbasic Scripting Server Directory Traversal
Netware NDS Object Enumeration
Netware LDAP search request
Netware 6.0 Tomcat source code viewer

Take action and discover your vulnerabilities