Vulnerability Name: | CVE-2005-0296 (CCN-18954) | ||||||||
Assigned: | 2005-01-17 | ||||||||
Published: | 2005-01-17 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | ** DISPUTED ** Note: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. Note: the vendor has disputed this issue. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Jan 17 2005 - 10:42:53 CST Novell GroupWise WebAccess error modules loading Source: MITRE Type: CNA CVE-2005-0296 Source: BUGTRAQ Type: UNKNOWN 20050117 Novell GroupWise WebAccess error modules loading Source: MISC Type: Vendor Advisory http://support.novell.com/servlet/tidfinder/10096251 Source: FULLDISC Type: Vendor Advisory 20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report) Source: BUGTRAQ Type: Vendor Advisory 20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report) Source: OSVDB Type: UNKNOWN 13135 Source: CCN Type: OSVDB ID: 13135 Novell GroupWise WebAccess Error Module Username XSS Source: CCN Type: OSVDB ID: 13141 Novell GroupWise WebAccess webacc Error Document Authentication Bypass Source: CCN Type: OSVDB ID: 13142 Novell GroupWise WebAccess webacc Information Disclosure Source: BID Type: Vendor Advisory 12285 Source: CCN Type: BID-12285 Novell GroupWise WebAccess Remote Authentication Bypass Vulnerability Source: XF Type: UNKNOWN groupwise-error-auth-bypass(18954) Source: XF Type: UNKNOWN groupwise-error-auth-bypass(18954) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |