Information Exposure Vulnerability in Novell GroupWise WebAccess
CVE-2005-0296

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise; Groupwise Webaccess
Vendor: CVE Published:; 17 January 2005

Summary

The error module in Novell GroupWise WebAccess may allow remote attackers who have not authenticated access to potentially sensitive information. This could include details such as the software version due to improper handling of error messages. Attackers can exploit this through either an incorrect login attempt or by manipulating the error or modify parameters to reveal template files or the 'about' information page. The vendor has disputed this vulnerability, raising concerns about its validity.

References

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugt...

mailing-listx_refsource_BUGTRAQ

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/20...

mailing-listx_refsource_FULLDISC

http://www.osvdb.org/13135

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability Reserved
Feb 10, 2005
Vulnerability published
Jan 17, 2005