SynopsisSensitive data can be read on the remote data.
DescriptionThe Apache Tomcat server distributed with NetWare 6.0 has a directory traversal vulnerability. As a result, sensitive information could be obtained from the NetWare server, such as the RCONSOLE password located in AUTOEXEC.NCF.
SolutionUpgrade Tomcat to the latest version, or disable the service if it is not required.
Remove default files from the web server. Also, ensure the RCONSOLE password is encrypted and utilize a password protected screensaver for console access.
File Name: netware_tomcat_sourcecode_viewer.nasl
CPE: cpe:/o:novell:netware, cpe:/a:apache:tomcat
Vulnerability Publication Date: 3/21/2000