Novell Groupwise Servlet Manager Default Password

This script is Copyright (C) 2004-2016 David Kyger


Synopsis :

The remote host is reachable with known credential.

Description :

The Novell Groupwise servlet server is configured with a default
password. As a result, users could be denied access to mail and other
servlet based resources.

To test this finding:

https://<host>/servlet/ServletManager/

enter 'servlet' for the user and 'manager' for the password.

See also :

http://www.securityfocus.com/bid/3697

Solution :

Change the default password.

Edit SYS:\JAVA\SERVLETS\SERVLET.PROPERTIES

Change the username and password in this section
servlet.ServletManager.initArgs=datamethod=POST,user=servlet,password=manager,bgcolor

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:H/RL:W/RC:C)
Public Exploit Available : true

Family: Netware

Nessus Plugin ID: 12122 ()

Bugtraq ID: 3697

CVE ID: CVE-2001-1195

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now