Vulnerability CVE-2004-2336 - CERT Civis.Net

Vulnerability Name:

CVE-2004-2336 (CCN-15467)

Assigned:

2004-03-13

Published:

2004-03-13

Updated:

2017-07-11

Summary:

Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2004-2336

Source: CCN
Type: SA11119
Novell Groupwise WebAccess Insecure Default Configuration

Source: SECUNIA
Type: UNKNOWN
11119

Source: CCN
Type: SECTRACK ID: 1009417
GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users

Source: CCN
Type: Novell Technical Information Document TID10091330
Potential security issue with GroupWise WebAccess 6.0 and 6.5

Source: CONFIRM
Type: Patch
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10091330.htm

Source: CCN
Type: OSVDB ID: 4253
Novell GroupWise WebAccess Insecure Default Configuration

Source: BID
Type: Patch
9864

Source: CCN
Type: BID-9864
Novell GroupWise WebAccess Unauthorized Access Vulnerability

Source: SECTRACK
Type: Patch
1009417

Source: XF
Type: UNKNOWN
groupwise-obtain-information(15467)

Source: XF
Type: UNKNOWN
groupwise-obtain-information(15467)

Vulnerable Configuration:

Configuration 1:

cpe:/a:novell:groupwise:6.0:*:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp4:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.5:*:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.5:sp1:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.5:sp2:*:*:*:*:*:*

Configuration 2:

cpe:/o:novell:netware:6.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:novell:groupwise:6.0:*:*:*:*:*:*:*

OR cpe:/o:novell:netware:6.0:*:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.5:*:*:*:*:*:*:*

OR cpe:/a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*

AND

cpe:/a:apache:http_server:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.9:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.33:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.37:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.39:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.36:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.35:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.34:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.32:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.31:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.30:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.38:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.7:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.8:*:*:*:*:*:*:*

Denotes that component is vulnerable