Lucene search

[email protected]NVD:CVE-2004-2734

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2734

2004-12-3105:00:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.044

Percentile

92.6%

JSON

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.

Affected configurations

Nvd

Node

novellnetwareMatch6.5

novellnetwareMatch6.5sp1

novellnetwareMatch6.5sp1.1a

novellnetwareMatch6.5sp1.1b

VendorProductVersionCPE
novellnetware6.5cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*
novellnetware6.5cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*
novellnetware6.5cpe:2.3:o:novell:netware:6.5:sp1.1a:*:*:*:*:*:*
novellnetware6.5cpe:2.3:o:novell:netware:6.5:sp1.1b:*:*:*:*:*:*

Vendor	Product	Version	CPE
novell	netware	6.5	cpe:2.3:o:novell:netware:6.5:::::::*
novell	netware	6.5	cpe:2.3:o:novell:netware:6.5:sp1::::::
novell	netware	6.5	cpe:2.3:o:novell:netware:6.5:sp1.1a::::::
novell	netware	6.5	cpe:2.3:o:novell:netware:6.5:sp1.1b::::::

References

secunia.com/advisories/12049

securitytracker.com/id?1011012

support.novell.com/cgi-bin/search/searchtid.cgi?/10094233.htm

www.osvdb.org/9103

www.securityfocus.com/bid/11000

exchange.xforce.ibmcloud.com/vulnerabilities/40478

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.044

Percentile

92.6%

JSON

Related for NVD:CVE-2004-2734

cvelist1 cve1 openvas1