Vulnerability CVE-2005-0296 - CERT Civis.Net

Vulnerability Name:

CVE-2005-0296 (CCN-18954)

Assigned:

2005-01-17

Published:

2005-01-17

Updated:

2017-07-11

Summary:

** DISPUTED **
Note: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page.
Note: the vendor has disputed this issue.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: BugTraq Mailing List, Mon Jan 17 2005 - 10:42:53 CST
Novell GroupWise WebAccess error modules loading

Source: MITRE
Type: CNA
CVE-2005-0296

Source: BUGTRAQ
Type: UNKNOWN
20050117 Novell GroupWise WebAccess error modules loading

Source: MISC
Type: Vendor Advisory
http://support.novell.com/servlet/tidfinder/10096251

Source: FULLDISC
Type: Vendor Advisory
20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)

Source: BUGTRAQ
Type: Vendor Advisory
20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)

Source: OSVDB
Type: UNKNOWN
13135

Source: CCN
Type: OSVDB ID: 13135
Novell GroupWise WebAccess Error Module Username XSS

Source: CCN
Type: OSVDB ID: 13141
Novell GroupWise WebAccess webacc Error Document Authentication Bypass

Source: CCN
Type: OSVDB ID: 13142
Novell GroupWise WebAccess webacc Information Disclosure

Source: BID
Type: Vendor Advisory
12285

Source: CCN
Type: BID-12285
Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability

Source: XF
Type: UNKNOWN
groupwise-error-auth-bypass(18954)

Source: XF
Type: UNKNOWN
groupwise-error-auth-bypass(18954)

Vulnerable Configuration:

Configuration 1:

cpe:/a:novell:groupwise:6.0:*:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.0:sp4:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.5:*:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.5:sp1:*:*:*:*:*:*

OR cpe:/a:novell:groupwise:6.5:sp2:*:*:*:*:*:*

OR cpe:/a:novell:groupwise_webaccess:6.0:sp4:*:*:*:*:*:*

OR cpe:/a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*

OR cpe:/a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*

OR cpe:/a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:novell:groupwise_webaccess:*:*:*:*:*:*:*:*

Denotes that component is vulnerable