Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal Arbitrary File Access
Medium Nessus Plugin ID 12048
Description
The installed version of Nombas ScriptEase Web Server Edition for NetWare on the remote host fails to sanitize input to the 'sewse.nlm' page and associated 'viewcode.jse' script before using it to display the source code of a file.
By passing in a specially crafted URL argument, an attacker can view the contents of files, even files outside the web root. This can lead to disclosure of sensitive information from the affected host, such as the RCONSOLE password located in AUTOEXEC.NCF.
Solution
Remove all sample scripts from the web server.
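
To check whether the sample viewer was reached before it was removed, web access logs can be reviewed for requests that name 'sewse.nlm' or 'viewcode.jse' together with parent-directory sequences. The following is an added example, not part of the plugin or the vendor's code; the Common Log Format input, the request layout and the `file` parameter in the sample lines are constructed for illustration and are not the product's real URL format.

```python
import re
from urllib.parse import unquote

# Script names come from the advisory; compared in lower case throughout.
TARGETS = ("sewse.nlm", "viewcode.jse")
SENSITIVE = ("autoexec.ncf",)  # file the advisory names as an exposure risk
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"(?<![\w.])\.\.(?:/|$)")  # a ".." path segment

# Constructed sample log lines (hypothetical URL layout, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /sewse.nlm?viewcode.jse&file=sample.jse HTTP/1.0" 200 900',
    '192.0.2.12 - - [01/Jan/2004:10:00:09 +0000] "GET /sewse.nlm?viewcode.jse&file=..%2f..%2fdata.txt HTTP/1.0" 200 77',
    '192.0.2.13 - - [01/Jan/2004:10:00:12 +0000] "GET /sewse.nlm?viewcode.jse&file=%252e%252e/%252e%252e/AUTOEXEC.NCF HTTP/1.0" 200 310',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dots and slashes surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return None, 'sample-script', 'traversal' or 'sensitive-file'."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = fully_decode(m.group(1)).lower().replace("\\", "/")
    if not any(name in target for name in TARGETS):
        return None  # request does not touch the sample viewer
    if any(name in target for name in SENSITIVE):
        return "sensitive-file"
    if TRAVERSAL_RE.search(target):
        return "traversal"
    return "sample-script"  # viewer still reachable: the samples were not removed

def scan(lines):
    """Return (line_number, verdict) for every line that touches the viewer."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := classify(line))]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE_LOG):
        print(f"line {lineno}: {verdict}")
```

A 'sample-script' hit with a 200 status means the Solution above has not been applied; 'traversal' and 'sensitive-file' hits with a 200 status warrant treating the disclosed file contents as exposed.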