Lucene search

[email protected]CVE-2005-0296

HistoryJan 17, 2005 - 5:00 a.m.

CVE-2005-0296

2005-01-1705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

novell

groupwise

webaccess

unauthenticated remote attackers

sensitive information

incorrect login

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

86.9%

JSON

NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the “about” information page. NOTE: the vendor has disputed this issue

CPENameOperatorVersion
novell:groupwisenovell groupwiseeq6.0
novell:groupwise_webaccessnovell groupwise webaccesseq6.5
novell:groupwisenovell groupwiseeq6.5
novell:groupwise_webaccessnovell groupwise webaccesseq6.0

CPE	Name	Operator	Version
novell:groupwise	novell groupwise	eq	6.0
novell:groupwise_webaccess	novell groupwise webaccess	eq	6.5
novell:groupwise	novell groupwise	eq	6.5
novell:groupwise_webaccess	novell groupwise webaccess	eq	6.0

References

marc.info/?l=bugtraq&m=110608203729814&w=2

support.novell.com/servlet/tidfinder/10096251

www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html

www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html

www.osvdb.org/13135

www.securityfocus.com/bid/12285

exchange.xforce.ibmcloud.com/vulnerabilities/18954

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2005-0296

nessus1