header-logo
Suggest Exploit
vendor:
Netware Enterprise Web Server
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site scripting, Information Disclosure, File Upload
79
CWE
Product Name: Netware Enterprise Web Server
Affected Version From: Novell Netware Enterprise Web Server 5.1
Affected Version To: Novell Netware Enterprise Web Server 6.0
Patch Exists: YES
Related CWE: CVE-2002-0478
CPE: a:novell:netware_enterprise_web_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2002

Multiple vulnerabilities in Novell Netware Enterprise Web Server

Novell Netware Enterprise Web Server is vulnerable to cross-site scripting attacks, information disclosure, and file uploads. An attacker can exploit this vulnerability by sending a specially crafted URL to the vulnerable server, which will allow the attacker to execute arbitrary JavaScript code, disclose sensitive information, and upload malicious files.

Mitigation:

Novell has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9479/info
  
Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose sensitive information, and load potentially malicious files on a vulnerable server. 

http://www.example.com/servlet/SnoopServlet

Navigation

Suggest Exploit

Services By CQR