Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal Arbitrary File Access

medium Nessus Plugin ID 12048



The remote web server contains a JavaScript application that is affected by an information disclosure vulnerability.


The installed version of Nombas ScriptEase Web Server Edition for NetWare on the remote host fails to sanitize input to the 'sewse.nlm' page and associated 'viewcode.jse' script before using it to display the source code of a file.

By passing in a specially crafted URL argument, an attacker can view the contents of files, even files outside the web root. This can lead to disclosure of sensitive information from the affected host, such as the RCONSOLE password located in AUTOEXEC.NCF.


Remove all sample scripts from the web server.

See Also

Plugin Details

Severity: Medium

ID: 12048

File Name: novell_viewcode.nasl

Version: 1.24

Type: remote

Family: Netware

Published: 2/6/2004

Updated: 6/12/2020

Risk Information


Risk Factor: Low

Score: 3.4


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/15/2001

Vulnerability Publication Date: 12/12/2001

Reference Information

CVE: CVE-2001-1580

BID: 3715