| Vulnerability Name: | CVE-2002-1634 (CCN-9212) | ||||||||
| Assigned: | 2002-05-29 | ||||||||
| Published: | 2002-05-29 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2002-1634 Source: CONFIRM Type: Exploit, Patch http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm Source: CCN Type: US-CERT VU#159203 Novell NetWare default installation contains sample files that disclose sensitive server information Source: CERT-VN Type: Patch, US Government Resource VU#159203 Source: OSVDB Type: UNKNOWN 17461 Source: OSVDB Type: UNKNOWN 17462 Source: OSVDB Type: UNKNOWN 17463 Source: OSVDB Type: UNKNOWN 17464 Source: OSVDB Type: UNKNOWN 17465 Source: OSVDB Type: UNKNOWN 17466 Source: OSVDB Type: UNKNOWN 17467 Source: OSVDB Type: UNKNOWN 17468 Source: CCN Type: OSVDB ID: 17461 Novell NetWare ndsobj.nlm Sample Application Information Disclosure Source: CCN Type: OSVDB ID: 17462 Novell NetWare sewse.nlm (allfield.jse) Sample Application Information Disclosure Source: CCN Type: OSVDB ID: 17463 Novell NetWare websinfo.bas Sample Application Information Disclosure Source: CCN Type: OSVDB ID: 17464 Novell NetWare ndslogin.pl Sample Application Information Disclosure Source: CCN Type: OSVDB ID: 17465 Novell NetWare volscgi.pl Sample Application Information Disclosure Source: CCN Type: OSVDB ID: 17466 Novell NetWare lancgi.pl Sample Application Information Disclosure Source: CCN Type: OSVDB ID: 17467 Novell NetWare sewse.nlm (test.jse) Sample Application Information Disclosure Source: CCN Type: OSVDB ID: 17468 Novell NetWare env.pl Sample Application Information Disclosure Source: CCN Type: ProCheckUp Security Bulletin PR02-01 Netware default programs displays server variables including web root location Source: MISC Type: UNKNOWN http://www.procheckup.com/security_info/vuln_pr0201.html Source: CCN Type: ProCheckUp Security Bulletin PR02-03 Netware default programs displays server information to attackers. Source: MISC Type: UNKNOWN http://www.procheckup.com/security_info/vuln_pr0203.html Source: MISC Type: Exploit, Patch http://www.securityfocus.com/advisories/4157 Source: MISC Type: Exploit, Patch http://www.securityfocus.com/advisories/4158 Source: BID Type: Exploit 4874 Source: CCN Type: BID-4874 Netscape Enterprise Web Server for Netware Information Disclosure Vulnerability Source: XF Type: UNKNOWN netware-sample-information-disclosure(9212) Source: XF Type: UNKNOWN netware-sample-information-disclosure(9212) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||