Novell: >> Groupwise >> 5.5 Security Vulnerabilities
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
CVSS Score
5.0
EPSS Score
0.017
Published
2001-08-14
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
CVSS Score
5.0
EPSS Score
0.007
Published
2001-08-14
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
CVSS Score
5.0
EPSS Score
0.004
Published
2001-06-27
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
CVSS Score
5.0
EPSS Score
0.016
Published
2000-02-07
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
CVSS Score
5.0
EPSS Score
0.017
Published
1999-12-19
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter.
CVSS Score
5.0
EPSS Score
0.003
Published
1999-12-19
Page 3