Novell NetWare Enterprise Web Server lcgitest.nlm Information Disclosure

2004-01-23T09:59:05
ID OSVDB:3722
Type osvdb
Reporter OSVDB
Modified 2004-01-23T09:59:05

Description

Vulnerability Description

Netware Enterprise Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL, which will disclose server information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Netware Enterprise Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL, which will disclose server information resulting in a loss of confidentiality.

Manual Testing Notes

http://<host>/lcgi/lcgitest.nlm

References:

Secunia Advisory ID:10711 Other Advisory URL: http://www.forbiddenweb.org/viewtopic.php?p=7951 Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0223.html ISS X-Force ID: 14921 CVE-2004-2104 Bugtraq ID: 9479