Summary
Novell Netware contains multiple default web server installations. The Netware Enterprise Web Server (Netscape/IPlanet) has a perl handler which will run arbitrary code given to in a POST request version 5.x (through SP4) and 6.x (through SP1) are effected.
Solution
Install 5.x SP5 or 6.0 SP2
Additionally, the enterprise manager web interface may be used to unmap the /perl handler entirely. If it is not being used, minimizing this service would be appropriate.
Severity
Classification
-
CVE CVE-2002-1436, CVE-2002-1437, CVE-2002-1438 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities