Novell NetWare Web Handler Multiple Vulnerabilities
High Nessus Plugin ID 11158
SynopsisThe remote host is vulnerable to several flaws.
DescriptionNovell NetWare contains multiple default web server installations. The NetWare Enterprise Web Server (Netscape/IPlanet) has a perl handler that will run arbitrary code given in a POST request. Versions 5.x (through SP4) and 6.x (through SP1) are affected.
SolutionInstall 5.x SP5 or 6.0 SP2.
Additionally, the enterprise manager web interface may be used to unmap the /perl handler entirely. If it is not being used, minimizing this service would be appropriate.