This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.
The remote host has an application that is susceptible to a directory
The installed version of GroupWise WebAccess fails to perform
sufficient validation on a user specified file name supplied via the
'filename' parameter before returning the contents of the file.
By supplying directory traversal strings such as '../' in a specially
crafted 'GET' request, it may be possible for an attacker to read
arbitrary files from the remote system.
See also :
Apply 8.02 Hot Patch 1 or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true