CVE-2004-2734
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
31/12/2004
Last modified:
03/04/2025
Description
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:novell:netware:6.5:sp1.1a:*:*:*:*:*:* | ||
| cpe:2.3:o:novell:netware:6.5:sp1.1b:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/12049
- http://securitytracker.com/id?1011012=
- http://support.novell.com/cgi-bin/search/searchtid.cgi?%2F10094233_htm=
- http://www.osvdb.org/9103
- http://www.securityfocus.com/bid/11000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40478
- http://secunia.com/advisories/12049
- http://securitytracker.com/id?1011012=
- http://support.novell.com/cgi-bin/search/searchtid.cgi?%2F10094233_htm=
- http://www.osvdb.org/9103
- http://www.securityfocus.com/bid/11000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40478