Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2104 — Netware vulnerability

7 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

7.0%

top 8.53%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Netware

Timeline

PublishedDec 31

Latest updateApr 29

Description

Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDnovell/netware5.1, 6.0+1

🔴Vulnerability Details

GHSA

GHSA-p32j-h3v4-x5w6: Novell NetWare Enterprise Web Server 5↗2022-04-29

▶

CVEList

CVE-2004-2104: Novell NetWare Enterprise Web Server 5↗2005-05-27

▶

💥Exploits & PoCs

Exploit-DB

Novell Netware Enterprise Web Server 5.1/6.0 SnoopServlet - Information Disclosure↗2004-01-23

▶

Exploit-DB

Novell Netware Enterprise Web Server 5.1/6.0 - env.bas Information Disclosure↗2004-01-23

▶

Exploit-DB

Novell Netware Enterprise Web Server 5.1/6.0 - snoop.jsp Information Disclosure↗2004-01-23

▶