VulDB: Novell GroupWise 8.0 User.interface Directory Traversal
General
scipID: 5631
Affected: Novell GroupWise 8.0
Published: 06/28/2012 (Tim Brown)
Risk: 
problematic
Entry: 85.2% complete
Created: 07/04/2012
Updated: 09/03/2012
Summary
A vulnerability was found in Novell GroupWise 8.0. It has been classified as problematic. This affects an unknown function. The manipulation of the argument User.interface with an unknown input leads to a directory traversal vulnerability. This is going to have an impact on confidentiality, and integrity.
The weakness was released 06/28/2012 by Tim Brown with Portcullis CSL as 7000708 as advisory (Website). The advisory is shared for download at novell.com. This vulnerability is uniquely identified as CVE-2012-0410 since 01/09/2012. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a private exploit are known.
Upgrading to version 8.0 Support Pack 3 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (83495) and Secunia (SA49796).CVSS
Base Score: 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
CPE
- cpe:/a:novell:groupwise:8.0
Exploiting
Class: Directory Traversal
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: GroupWise 8.0 Support Pack 3
Timeline
01/09/2012 | CVE assigned
06/28/2012 | Advisory disclosed
06/28/2012 | Countermeasure disclosed
07/02/2012 | OSVDB entry created
07/04/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: 7000708
Researcher: Tim Brown
Company: Portcullis CSL
OSVDB: 83495
CVE: CVE-2012-0410 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 49796
