Vulnerabilities > CVE-2002-1437 - Directory Traversal vulnerability in Novell Netware 5.1/6.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

novell

nessus

NVD

Published: 2003-04-11

Updated: 2008-09-05

Summary

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

Vulnerable Configurations

Part	Description	Count
OS	Novell Novell Netware 5.1 Novell Netware 6.0	4

Nessus

NASL family	Netware
NASL id	NETWARE_POST_PERL.NASL
description	Novell NetWare contains multiple default web server installations. The NetWare Enterprise Web Server (Netscape/IPlanet) has a perl handler that will run arbitrary code given in a POST request. Versions 5.x (through SP4) and 6.x (through SP1) are affected.
last seen	2020-06-01
modified	2020-06-02
plugin id	11158
published	2002-11-21
reporter	This script is Copyright (C) 2002-2018 visigoth
source	https://www.tenable.com/plugins/nessus/11158
title	Novell NetWare Web Handler Multiple Vulnerabilities

Summary

Vulnerable Configurations

Nessus

References