Novell NetWare Web Handler Multiple Vulnerabilities

high Nessus Plugin ID 11158


The remote host is vulnerable to several flaws.


Novell NetWare contains multiple default web server installations. The NetWare Enterprise Web Server (Netscape/IPlanet) has a perl handler that will run arbitrary code given in a POST request. Versions 5.x (through SP4) and 6.x (through SP1) are affected.


Install 5.x SP5 or 6.0 SP2.

Additionally, the enterprise manager web interface may be used to unmap the /perl handler entirely. If it is not being used, minimizing this service would be appropriate.

Plugin Details

Severity: High

ID: 11158

File Name: netware_post_perl.nasl

Version: 1.21

Type: remote

Family: Netware

Published: 11/21/2002

Updated: 6/12/2020

Risk Information


Risk Factor: Medium

Score: 6.6


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:novell:netware

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/20/2002

Reference Information

CVE: CVE-2002-1436, CVE-2002-1437, CVE-2002-1438

BID: 5520, 5521, 5522