Test ID:	1.3.6.1.4.1.25623.1.0.12048
Category:	Web Servers
Title:	Netware Web Server Sample Page Source Disclosure
Summary:	On a Netware Web Server, viewcode.jse allows the source code of web pages to; be viewed.
Description:	Summary: On a Netware Web Server, viewcode.jse allows the source code of web pages to be viewed. Vulnerability Insight: As an argument, a URL is passed to sewse.nlm. The URL can be altered and will permit files outside of the web root to be viewed. As a result, sensitive information could be obtained from the Netware server, such as the RCONSOLE password located in AUTOEXEC.NCF. Example: http://example.com//lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/autoexec.ncf Solution: Remove sample NLMs and default files from the web server. Also, ensure the RCONSOLE password is encrypted and utilize a password protected screensaver for console access. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-1580 BugTraq ID: 3715 http://www.securityfocus.com/bid/3715 Bugtraq: 20011219 IRM Security Advisory 002: Netware Web Server Source Disclosure (Google Search) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0204.html Bugtraq: 20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure (Google Search) http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0218.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0221.html XForce ISS Database: netware-webserver-directory-traversal(7726) https://exchange.xforce.ibmcloud.com/vulnerabilities/7726
Copyright	Copyright (C) 2002 David Kyger

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.