Password Bypass in Novell NetWare 6.5 ApacheAdmin Console
CVE-2008-5696

Currently unrated

Key Information:

Vendor: Novell
Status: Netware
Vendor: CVE Published:; 19 December 2008

What is CVE-2008-5696?

The Novell NetWare 6.5 version prior to Support Pack 8 contains a security flaw where the ApacheAdmin console does not require a password when an OES2 Linux server is integrated into the Novell Directory Services (NDS) tree. This enables unauthorized remote attackers to exploit the vulnerability and gain access to critical configuration settings for the Apache HTTP Server, potentially leading to unauthorized system changes.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47104

vdb-entryx_refsource_XF

http://secunia.com/advisories/32989

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/3368

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2008
Vulnerability Reserved
Dec 19, 2008