Vulnerabilities > CVE-2008-5696 - Credentials Management vulnerability in Novell Netware 6.5

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
novell
CWE-255
critical

Summary

Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.

Vulnerable Configurations

Part Description Count
OS
Novell
10

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 32657 CVE(CAN) ID: CVE-2008-5696 Novell Netware是一款商业性质的网络操作系统。 如果将OES2 Linux服务器安装在已运行NetWare的树结构上,则安装后用户无需输入口令便可以访问ApacheAdmin控制台,这允许远程攻击者通过控制台操作重新配置Apache HTTP服务器。 Novell Netware 6.5 Novell ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://support.novell.com/security-alerts target=_blank rel=external nofollow>http://support.novell.com/security-alerts</a>
idSSV:4597
last seen2017-11-19
modified2008-12-26
published2008-12-26
reporterRoot
titleNovell Netware ApacheAdmin控制台空口令漏洞