CVE-2005-0296
First published: Mon Jan 17 2005(Updated: )
** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus GroupWise | =6.0 | |
| Micro Focus GroupWise | =6.0-sp1 | |
| Micro Focus GroupWise | =6.0-sp2 | |
| Micro Focus GroupWise | =6.0-sp3 | |
| Micro Focus GroupWise | =6.0-sp4 | |
| Micro Focus GroupWise | =6.5 | |
| Micro Focus GroupWise | =6.5-sp1 | |
| Micro Focus GroupWise | =6.5-sp2 | |
| Novell GroupWise WebAccess | =6.0-sp4 | |
| Novell GroupWise WebAccess | =6.5 | |
| Novell GroupWise WebAccess | =6.5-sp1 | |
| Novell GroupWise WebAccess | =6.5-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html
- http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html
- http://support.novell.com/servlet/tidfinder/10096251
- http://www.securityfocus.com/bid/12285
- http://www.osvdb.org/13135
- http://marc.info/?l=bugtraq&m=110608203729814&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18954
Frequently Asked Questions
What is the severity of CVE-2005-0296?
The severity of CVE-2005-0296 is considered to be high due to the potential for unauthorized information disclosure.
How do I fix CVE-2005-0296?
To address CVE-2005-0296, it is recommended to upgrade to a patched version of Novell GroupWise or implement access controls to limit unauthenticated access.
Does CVE-2005-0296 affect all versions of Novell GroupWise?
CVE-2005-0296 specifically affects Novell GroupWise 6.0 and 6.5, particularly versions with certain service packs.
What type of information can be accessed due to CVE-2005-0296?
CVE-2005-0296 allows attackers to potentially read sensitive information such as the version of the application.
Is there a workaround for CVE-2005-0296 if immediate updates cannot be applied?
A possible workaround for CVE-2005-0296 includes modifying error handling and restricting access to the error module.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/severity
- agent/status
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/novell
- product/groupwise
- canonical/novell groupwise
- product/groupwise webaccess
- canonical/novell groupwise webaccess
- collector/nvd-index
- agent/author
- agent/softwarecombine
- agent/tags
- version/novell groupwise/6.0
- version/novell groupwise/6.0-sp1
- version/novell groupwise/6.0-sp2
- version/novell groupwise/6.0-sp3
- version/novell groupwise/6.0-sp4
- version/novell groupwise/6.5
- version/novell groupwise/6.5-sp1
- version/novell groupwise/6.5-sp2
- version/novell groupwise webaccess/6.0-sp4
- version/novell groupwise webaccess/6.5
- version/novell groupwise webaccess/6.5-sp1
- version/novell groupwise webaccess/6.5-sp2
- status/disputed