SecureScoutLogo.jpg
Novell Netware Resources Information Disclosure Vulnerability



Go to Vulnerabilities List

General Info

TC: 12069
Description: Novell Netware offers several web interfaces to allow administrators to manage their servers and users. Unfortunately one of this interface running by default on TCP port 8009 allows anyone if not configured and secured with best practices, to disclose sensitive information about the server such as Lan Adapters and Mass storage capacity.
TC Impact: Gather Info
Service: Novell_Admin


Specific Operations and Actions:

Vulnerability Publication: March 27, 2003
Advisory Copyright: N.A.
Summary: An attacker can disclose sensitive information about your server and compromise your novell server
Risk: Medium
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS 2.0 Base Score: 5.0
Vulnerability Impact: Gather Info
Host Impact: Information file disclosure allowing attacker to gain useful information about server's resources.
Nature of Remediation: Change the configuration.
Step required to fix the reported vulnerability:

***** Solution type: Update Configuration *****

Restrict access to TCP port 443 and 8009 to Inbound connections.


Glossary and References :

References:
* MISC:
http://www.novell.com

CVE Link: GENERIC-MAP-NOMATCH
 CVE Compatible

Glossary: Information Disclosure

© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)