HTTP: Novell GroupWise WebAccess Cross Site Scripting Attempt
This signature detects attempts to exploit a known vulnerability against GroupWise WebAccess. Attackers can bypass security restrictions to conduct a cross-site scripting attack.
Extended Description
Novell GroupWise WebAccess is prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions or conduct cross-site scripting attacks. Note that some of the issues may be related to BID 35061. We will update this BID as more information emerges. Versions prior to WebAccess 7.03 HP3 and 8.0.0 HP2 are vulnerable.
Affected Products
Novell groupwise
References
BugTraq: 35066
CVE: CVE-2009-1635
URL: http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1
Short Name
HTTP:NOVELL:WEBACC-MODIFY
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Attempt CVE-2009-1635 Cross GroupWise Novell Scripting Site WebAccess bid:35066
Release Date
06/09/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Novell
CVSS Score
4.3