Directory Traversal Vulnerability in Novell GroupWise by Novell
CVE-2012-0419

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 28 September 2012

Summary

A directory traversal vulnerability exists in the HTTP interfaces of Novell GroupWise, enabling remote attackers to exploit this weakness. By crafting specific requests that include directory traversal sequences, an attacker could gain unauthorized access to arbitrary files on the server. This flaw impacts GroupWise versions 8.0 prior to Support Pack 3 and 2012 prior to Support Pack 1, posing a significant risk to data confidentiality.

References

https://bugzilla.novell.com/show_bug.cgi?id=756330

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2012/Sep/161

mailing-listx_refsource_FULLDISC

https://bugzilla.novell.com/show_bug.cgi?id=756924

x_refsource_CONFIRM

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 28, 2012
Vulnerability Reserved
Jan 9, 2012