Detections
Analytics

Novell GroupWise 'FileUploadServlet' Arbitrary File Access Vulnerability

high Nessus Plugin ID 77474

Language:

Synopsis

The remote host is affected by an arbitrary file access vulnerability.

Description

The remote Novell GroupWise administration console is affected by an arbitrary file access vulnerability that allows attackers to access and delete arbitrary files on the affected system.

Solution

Upgrade to GroupWise 2014 SP1 or higher.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-14-296/

https://support.microfocus.com/kb/doc.php?id=7015566

Plugin Details

Severity: High

ID: 77474

File Name: novell_groupwise_admin_console_file_upload_servlet.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 9/2/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/a:novell:groupwise

Required KB Items: installed_sw/Novell GroupWise Admin Console

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 8/26/2014

Vulnerability Publication Date: 8/26/2014

Reference Information

CVE: CVE-2014-0600

BID: 69424