Description
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
Product(s):
- Novell Groupwise 6.0
- Novell GroupWise 6.0 SP1
- Novell GroupWise 6.0 SP2
- Novell GroupWise 6.0 SP3
- Novell GroupWise 6.0 SP4
- Novell Groupwise 6.5
- Novell Groupwise 6.5 SP1
- Novell Groupwise 6.5 SP2
- Novell Groupwise 6.5 SP3
- Novell Groupwise 6.5 SP4
- Novell Groupwise 6.5 SP5
- Novell Groupwise 6.5 SP6
- Novell GroupWise WebAccess 6.0 SP4
- Novell GroupWise WebAccess 6.5
- Novell GroupWise WebAccess 6.5 SP1
- Novell GroupWise WebAccess 6.5 SP2
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0296, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0296 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.