Lucene search

[email protected]CVE-1999-1005

HistoryDec 19, 1999 - 5:00 a.m.

CVE-1999-1005

1999-12-1905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-1999-1005

groupwise web server

remote attack

help parameter

file access

dot-dot attack

nvd

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.04 Low

EPSS

Percentile

92.0%

JSON

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a … (dot dot) attack using the HELP parameter.

CPENameOperatorVersion
netscape:enterprise_servernetscape enterprise servereq3.0.7a
novell:groupwisenovell groupwiseeq5.5
novell:groupwisenovell groupwiseeq5.2

CPE	Name	Operator	Version
netscape:enterprise_server	netscape enterprise server	eq	3.0.7a
novell:groupwise	novell groupwise	eq	5.5
novell:groupwise	novell groupwise	eq	5.2

References

marc.info/?l=bugtraq&m=94571433731824&w=2

www.osvdb.org/3413

www.securityfocus.com/bid/879

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.04 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-1999-1005

openvas1