CVE-2005-0296 - Vulnerability Details - OpenCVE

NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Groupwise Groupwise Webaccess

Configuration 1 [-]

OR	cpe:2.3:a:novell:groupwise:6.0:::::::*
	cpe:2.3:a:novell:groupwise:6.0:sp1::::::
	cpe:2.3:a:novell:groupwise:6.0:sp2::::::
	cpe:2.3:a:novell:groupwise:6.0:sp3::::::
	cpe:2.3:a:novell:groupwise:6.0:sp4::::::
	cpe:2.3:a:novell:groupwise:6.5:::::::*
	cpe:2.3:a:novell:groupwise:6.5:sp1::::::
	cpe:2.3:a:novell:groupwise:6.5:sp2::::::
	cpe:2.3:a:novell:groupwise_webaccess:6.0:sp4::::::
	cpe:2.3:a:novell:groupwise_webaccess:6.5:::::::*
	cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1::::::
	cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2::::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=110608203729814&w=2
http://support.novell.com/servlet/tidfinder/10096251
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html
http://www.osvdb.org/13135
http://www.securityfocus.com/bid/12285
https://exchange.xforce.ibmcloud.com/vulnerabilities/18954

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-10T05:00:00

Updated: 2024-08-07T21:05:25.550Z

Reserved: 2005-02-10T00:00:00

Link: CVE-2005-0296

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-01-17T05:00:00.000

Modified: 2024-11-20T23:54:49.797

Link: CVE-2005-0296

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"}, {"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"}, {"name": "13135", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/13135"}, {"name": "20050117 Novell GroupWise WebAccess error modules loading", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110608203729814&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://support.novell.com/servlet/tidfinder/10096251"}, {"name": "groupwise-error-auth-bypass(18954)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"}, {"name": "12285", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12285"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0296", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"}, {"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)", "refsource": "FULLDISC", "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"}, {"name": "13135", "refsource": "OSVDB", "url": "http://www.osvdb.org/13135"}, {"name": "20050117 Novell GroupWise WebAccess error modules loading", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110608203729814&w=2"}, {"name": "http://support.novell.com/servlet/tidfinder/10096251", "refsource": "MISC", "url": "http://support.novell.com/servlet/tidfinder/10096251"}, {"name": "groupwise-error-auth-bypass(18954)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"}, {"name": "12285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12285"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:05:25.550Z"}, "title": "CVE Program Container", "references": [{"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"}, {"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"}, {"name": "13135", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/13135"}, {"name": "20050117 Novell GroupWise WebAccess error modules loading", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110608203729814&w=2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.novell.com/servlet/tidfinder/10096251"}, {"name": "groupwise-error-auth-bypass(18954)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"}, {"name": "12285", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/12285"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0296", "datePublished": "2005-02-10T05:00:00", "dateReserved": "2005-02-10T00:00:00", "dateUpdated": "2024-08-07T21:05:25.550Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "194704B6-4820-4398-8906-A1E529ED65AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "5E0DC694-0DEB-41DE-8A0D-9B649FC2F220", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "174646C1-60F8-4A84-9C0D-785303EBAF6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "A2F5DF0E-8158-4D2E-88CC-BBD7A031054E", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "08A78BE7-6426-41CD-BBAF-9BB951726D33", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "E50599E1-45E5-443F-AAEC-F91778CA4792", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "24B28BB6-4A33-4A61-9810-9AB26911B490", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "57EFCA37-C863-4E22-B231-B0A10E65594E", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "5298016B-B6E3-4236-B99F-57353A495B3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "27060485-FD94-4E73-87B6-2AE940F02283", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue"}], "id": "CVE-2005-0296", "lastModified": "2024-11-20T23:54:49.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-01-17T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110608203729814&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://support.novell.com/servlet/tidfinder/10096251"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/13135"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/12285"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110608203729814&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.novell.com/servlet/tidfinder/10096251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/13135"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.securityfocus.com/bid/12285"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}