Netware 6.0 Tomcat Source Code Viewer Network Vulnerability

Summary

The Apache Tomcat server distributed with Netware 6.0 has a directory traversal vulnerability. As a result, sensitive information could be obtained from the Netware server, such as the RCONSOLE password located in AUTOEXEC.NCF. Example : http://target/examples/jsp/source.jsp?%2e%2e/%2e%2e/%2e%2e/%2e%2e/system/autoexec.ncf

Solution

Remove default files from the web server. Also, ensure the RCONSOLE password is encrypted and utilize a password protected screensaver for console access.

Severity

Classification

CVE CVE-2000-1210
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Netware Web Server Sample Page Source Disclosure
Netware LDAP search request
Netware NDS Object Enumeration
Novell Netbasic Scripting Server Directory Traversal
Default Novonyx Web Server Files

Netware 6.0 Tomcat source code viewer

Take action and discover your vulnerabilities