CVE-2004-2734 — Improper Authentication in Netware

CWE-287 — Improper Authentication3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.6%

top 18.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Novell Netware

Timeline

PublishedDec 31

Latest updateApr 29

Description

webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/netware6.5

🔴Vulnerability Details

GHSA

GHSA-5824-6p3v-vcx4: webadmin-apache↗2022-04-29

▶

CVEList

CVE-2004-2734: webadmin-apache↗2007-10-09

▶