Novell NetBasic Scripting Server Encoded Traversal Arbitrary File Access

Medium Nessus Plugin ID 12050

Synopsis

The remote host is vulnerable to information disclosure.

Description

Novell NetBasic Scripting Server Directory Traversal

It is possible to escape out of the root directory of the scripting server by substituting %5C (a URL-encoded backslash) for a forward or backward slash. As a result, system information, such as environment and user information, could be obtained from the NetWare server.

Example: http://server/nsn/..%5Cutil/userlist.bas
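A log-review check for the request pattern described above, added here as an example (it is not part of the Nessus plugin or of Novell's code): it decodes each logged request target, treats backslashes as path separators, and flags paths that start under /nsn but resolve outside it. The log lines, the env.bas file name and the function names are constructed for illustration; decoding more than once, to catch double-encoded input, goes beyond the single-encoded case shown on this page.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

SCRIPT_ROOT = "/nsn"  # scripting server root, taken from the page's example URL

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2004:10:00:01 +0000] "GET /nsn/env.bas HTTP/1.0" 200 310',
    '192.0.2.11 - - [01/Jan/2004:10:00:02 +0000] "GET /nsn/..%5Cutil/userlist.bas HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2004:10:00:03 +0000] "GET /nsn/sub/..%5cenv.bas HTTP/1.0" 200 310',
    '192.0.2.13 - - [01/Jan/2004:10:00:04 +0000] "GET /nsn/..%255Cutil/userlist.bas HTTP/1.0" 404 0',
    '192.0.2.14 - - [01/Jan/2004:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 99',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def escapes_root(raw_target, root=SCRIPT_ROOT):
    """Return True if a request under `root` resolves to a path outside it."""
    decoded = urlsplit(raw_target).path
    # Decode repeatedly so %5C and double-encoded %255C both become "\".
    for _ in range(3):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    # Treat the backslash as a separator, as the affected server does.
    unified = decoded.replace("\\", "/")
    if not (unified == root or unified.startswith(root + "/")):
        return False  # request is not aimed at the scripting server
    resolved = posixpath.normpath(unified)  # collapses ".." segments
    return not (resolved == root or resolved.startswith(root + "/"))


def flag_requests(lines):
    """Return the raw request targets in `lines` that escape the script root."""
    flagged = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and escapes_root(match.group(1)):
            flagged.append(match.group(1))
    return flagged


if __name__ == "__main__":
    for target in flag_requests(SAMPLE_LOG):
        print("traversal outside", SCRIPT_ROOT, "->", target)
```

A 200 response to a flagged request is the case to investigate first, since it indicates the server returned a file from outside the script root.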

Solution

Apply the relevant patch and remove all default files from their respective directories.

Plugin Details

Severity: Medium

ID: 12050

File Name: novell_netbasic_directory_traversal.nasl

Version: 1.18

Type: remote

Family: Netware

Published: 2004/02/09

Modified: 2018/07/16

Dependencies: 10107, 17975

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2002/08/13

Vulnerability Publication Date: 2002/08/20

Reference Information

CVE: CVE-2002-1417

BID: 5523