Novell GroupWise MTA Web Console Accessible

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server allows unauthenticated access to administrative
tools.

Description :

The remote web server is a Novell GroupWise MTA Web Console, used to
monitor and potentially control a GroupWise MTA via a web browser.

By allowing unauthenticated access, anyone may be able to do things
such as discover the version of GroupWise installed on the remote host
and its configuration, track GroupWise message traffic, or change the
MTA's configuration settings.

See also :

http://www.novell.com/documentation/gw65/gw65_admin/data/a7xzvr1.html
http://www.novell.com/documentation/gw7/gw7_admin/data/a7xzvr1.html
http://www.novell.com/documentation/gw8/gw8_admin/data/a7xzvr1.html

Solution :

Consult the GroupWise Administration Guide for information about
restricting access to the MTA Web Console.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 35725 (groupwise_mta_http_accessible.nasl)

Bugtraq ID:

CVE ID: