Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1005 — Enterprise Server vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.7%
top 17.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Netscape Enterprise ServerNovell Groupwise
Timeline
PublishedDec 19
Latest updateApr 30

Description

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

â–¶NVDnovell/groupwise5.2, 5.5+1

🔴Vulnerability Details

2
GHSA
GHSA-wjwc-hc6j-xvf2: Groupwise web server GWWEB↗2022-04-30
â–¶
CVEList
CVE-1999-1005: Groupwise web server GWWEB↗2000-04-25
â–¶

💥Exploits & PoCs

1
Exploit-DB
Netscape Enterprise Server / Novell Groupwise 5.2/5.5 - 'GWWEB.EXE' Multiple Vulnerabilities↗1999-12-19
â–¶
CVE-1999-1005 — Enterprise Server vulnerability | cvebase