Bugtraq mailing list archives

Re: Groupewise Web Interface

From: eckma009 () UMN EDU (Brian)
Date: Tue, 21 Dec 1999 14:21:51 -0600


This vulnerability exists on the Enterprise Web Server.

Brian

Raymond Dijkxhoorn <raymond () THRIJSWIJK NL> 12/20/99 02:29PM >>>

Hi!

1. The help argument in GWWEB.EXE reveal full web path on the server
2. anyone can read a .htm file on the system with the GWWEB.EXE and the HELP
argument.

This was tested on GroupWise 5.2 and 5.5 .


Why didnt you upgrade to the one wich was shipped on 5.5 ??
The Netscape Enterprise server ???

As far as i know the Novell webserver is no longer in development and the
new ones were builded under the 'Novonyx' flag.... Novell/Netscape.

Bye,
Raymond Dijkxhoorn

Current thread:

Re: Groupewise Web Interface Tim Adams (Dec 21)
- Re: Groupewise Web Interface Bayard G. Bell (Dec 21)
- <Possible follow-ups>
- Re: Groupewise Web Interface Brian (Dec 21)
- Re: Groupewise Web Interface Sacha Faust Bourque (Dec 21)
  - Re: Groupewise Web Interface Randy Mclean (Dec 22)
    - Re: Groupewise Web Interface Richard Beels (Dec 23)
- Re: Groupewise Web Interface Brian (Dec 21)
- Re: GroupeWise Web Interface Richard Sather (Dec 21)
- Re: Groupewise Web Interface Roy Sigurd Karlsbakk (Dec 23)