Vulnerabilities > CVE-2002-1634 - Information Disclosure vulnerability in Netscape Enterprise Web Server for Netware 5.0/5.1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
novell
nessus
exploit available
NVD
Published: 2002-12-31
Updated: 2017-07-11

Summary

Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl.

Vulnerable Configurations

Part Description Count
OS
Novell
2

Exploit-Db

descriptionNetscape Enterprise Web Server for Netware 4/5 5.0 Information Disclosure. CVE-2002-1634. Remote exploit for novell platform
idEDB-ID:21488
last seen2016-02-02
modified2002-05-29
published2002-05-29
reporterProcheckup
sourcehttps://www.exploit-db.com/download/21488/
titleNetscape Enterprise Web Server for Netware 4/5 5.0 Information Disclosure

Nessus

NASL familyNetware
NASL idNOVELL_NOVONYX_DEFAULT_FILES.NASL
descriptionNovell NetWare default Novonyx web server files. A default installation of Novell 5.x will install the Novonyx web server. Numerous web server files included with this installation could reveal system information.
last seen2020-06-01
modified2020-06-02
plugin id12049
published2004-02-07
reporterThis script is Copyright (C) 2004-2019 David Kyger
sourcehttps://www.tenable.com/plugins/nessus/12049
titleNovonyx Web Server Multiple Sample Application Files Present
code
#
# This script was written by David Kyger <[email protected]>
#
# See the Nessus Scripts License for details
#

# Changes by Tenable:
# - Revised plugin title, output formatting (9/3/09)
# - Removed strings causing false positives (8/8/19)
# - Formatting clean up (8/8/19)

include("compat.inc");

if(description)
{
  script_id(12049);
  script_version ("1.22");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2002-1634");
  script_bugtraq_id(4874);

  script_name(english:"Novonyx Web Server Multiple Sample Application Files Present");
  script_summary(english:"Checks for default Novonyx web server files");

  script_set_attribute(attribute:"synopsis", value:
"Default files are installed on this system.");
  script_set_attribute(attribute:"description", value:
"Novell NetWare default Novonyx web server files.

A default installation of Novell 5.x will install the Novonyx web server. 
Numerous web server files included with this installation could reveal system 
information.");
  script_set_attribute(attribute:"solution", value:
"If not required, remove all default Novonyx web server files.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2002-1634");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");


  script_set_attribute(attribute:"plugin_publication_date", value: "2004/02/07");
  script_set_attribute(attribute:"vuln_publication_date", value: "2002/05/30");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Netware");

  script_copyright(english:"This script is Copyright (C) 2004-2020 David Kyger");

  script_dependencies("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}

include('http_func.inc');
include('http_keepalive.inc');

flag = 0;

warning = '\nThe following Novonyx web server files were found on the server:';

port = get_http_port(default:80, embedded:TRUE);

if (get_port_state(port))
{
  pat1 = 'NetBasic WebPro Demo';
  pat2 = 'Novell';
  pat3 = 'ScriptEase:WSE';
  pat4 = 'ALLFIELD.JSE';
  pat5 = 'LAN Boards';
  pat6 = 'Media Type';
  pat7 = 'Login to NDS';
  pat8 = 'Total Space';
  pat9 = 'Free Space';
  pat10 = 'ADMSERV_ROOT';
  pat11 = 'ADMSERV_PWD';
  pat12 = 'Directory Listing Tool';
  pat13 = 'Server Name';
  pat14 = 'Source directory';
  pat15 = 'secure directories sys';

  fl[0] = '/netbasic/websinfo.bas';
  fl[1] = '/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse';
  fl[2] = '/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/test.jse';
  fl[3] = '/perl/samples/lancgi.pl';
  fl[4] = '/perl/samples/ndslogin.pl';
  fl[5] = '/perl/samples/volscgi.pl';
  fl[6] = '/perl/samples/env.pl';
  fl[7] = '/nsn/env.bas';
  fl[8] = '/nsn/fdir.bas';
 
  for (i = 0; fl[i]; i = i + 1) 
  { 
    req = http_get(item:fl[i], port:port);
    buf = http_keepalive_send_recv(port:port, data:req);
    if (buf == NULL) exit(0);
    if (
      (pat1 >< buf && pat2 >< buf) ||
      (pat3 >< buf && pat4 >< buf) ||
      (pat5 >< buf && pat6 >< buf) ||
      (pat7 >< buf && pat2 >< buf) ||
      (pat8 >< buf && pat9 >< buf) ||
      (pat10 >< buf && pat11 >< buf) ||
      (pat12 >< buf && pat13 >< buf) ||
      (pat14 >< buf && pat15 >< buf)
    )
    {
      warning += "\n" + fl[i]; 
      flag = 1;
    }
  }
  if (flag > 0)
  {
    security_warning(port:port, extra:warning);
  } else
  {
    exit(0);
  }
}

References