Novell GroupWise WebAccess Error Module About Page XSS

2005-01-22T02:46:12
ID OSVDB:13134
Type osvdb
Reporter OSVDB
Modified 2005-01-22T02:46:12

Description

Technical Description

If the about.htt has been deleted (as a precaution to avoid this XSS issue), requesting https://[target]/servlet/webacc?merge=about will disclose the intallation path of the GroupWise software.

References:

Vendor URL: http://www.novell.com/ Security Tracker: 1012928 Related OSVDB ID: 13135 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0606.html Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=110634060716097&w=2