Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal Arbitrary File Access

Medium Nessus Plugin ID 12048


The remote web server contains a JavaScript application that is affected by an information disclosure vulnerability.


The installed version of Nombas ScriptEase Web Server Edition for NetWare on the remote host fails to sanitize input to the 'sewse.nlm' page and associated 'viewcode.jse' script before using it to display the source code of a file.

By passing in a specially crafted URL argument, an attacker can view the contents of files, even files outside the web root. This can lead to disclosure of sensitive information from the affected host, such as the RCONSOLE password located in AUTOEXEC.NCF.


Remove all sample scripts from the web server.

See Also

Plugin Details

Severity: Medium

ID: 12048

File Name: novell_viewcode.nasl

Version: 1.23

Type: remote

Family: Netware

Published: 2004/02/06

Modified: 2018/11/15

Dependencies: 10107

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 2001/06/15

Vulnerability Publication Date: 2001/12/12

Reference Information

CVE: CVE-2001-1580

BID: 3715