Lucene search

[email protected]CVE-2004-2734

HistoryOct 09, 2007 - 10:00 a.m.

CVE-2004-2734

2007-10-0910:00:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2004-2734

novell

netware

web manager

access control

remote attackers

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.

Affected configurations

NVD

Node

novellnetwareMatch6.5

novellnetwareMatch6.5sp1

novellnetwareMatch6.5sp1.1a

novellnetwareMatch6.5sp1.1b

CPENameOperatorVersion
novell:netwarenovell netwareeq6.5

CPE	Name	Operator	Version
novell:netware	novell netware	eq	6.5

References

secunia.com/advisories/12049

securitytracker.com/id?1011012

support.novell.com/cgi-bin/search/searchtid.cgi?/10094233.htm

www.osvdb.org/9103

www.securityfocus.com/bid/11000

exchange.xforce.ibmcloud.com/vulnerabilities/40478

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

JSON

Related for CVE-2004-2734

nvd1 cvelist1 openvas1