Vulnerabilities > CVE-2008-5696 - Credentials Management vulnerability in Novell Netware 6.5
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 10 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 32657 CVE(CAN) ID: CVE-2008-5696 Novell Netware是一款商业性质的网络操作系统。 如果将OES2 Linux服务器安装在已运行NetWare的树结构上,则安装后用户无需输入口令便可以访问ApacheAdmin控制台,这允许远程攻击者通过控制台操作重新配置Apache HTTP服务器。 Novell Netware 6.5 Novell ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://support.novell.com/security-alerts target=_blank rel=external nofollow>http://support.novell.com/security-alerts</a> |
| id | SSV:4597 |
| last seen | 2017-11-19 |
| modified | 2008-12-26 |
| published | 2008-12-26 |
| reporter | Root |
| title | Novell Netware ApacheAdmin控制台空口令漏洞 |
References
- http://secunia.com/advisories/32989
- http://secunia.com/advisories/32989
- http://www.novell.com/support/viewContent.do?externalId=7001907
- http://www.novell.com/support/viewContent.do?externalId=7001907
- http://www.securityfocus.com/bid/32657
- http://www.securityfocus.com/bid/32657
- http://www.securitytracker.com/id?1021350
- http://www.securitytracker.com/id?1021350
- http://www.vupen.com/english/advisories/2008/3368
- http://www.vupen.com/english/advisories/2008/3368
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47104
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47104