CVE-2012-0419
published 2012-09-28


Priority: P3 (49)
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 41.84% (98.5th percentile)
Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
novell | groupwise
novell | groupwise
novell | groupwise
novell | groupwise
novell | groupwise

Detection & IOCs

url: /../../../../../../../../../../../windows/win.ini
  • Monitor HTTP requests to Novell GroupWise agent HTTP interfaces (Post Office Agent and Message Transfer Agent web interfaces) containing directory traversal sequences (e.g., '../' or URL-encoded equivalents) in the URI path.
  • Flag inbound HTTP GET requests to GroupWise agent ports containing repeated '../' or '%2e%2e%2f' sequences traversing beyond the web root, particularly targeting OS files such as win.ini or /etc/passwd.
  • This vulnerability is exploitable remotely without authentication; alert on unauthenticated HTTP requests to GroupWise agent HTTP listener ports containing traversal patterns.
  • Affected versions are Novell GroupWise 8.0 before Support Pack 3 and GroupWise 2012 before Support Pack 1. Patched versions are not vulnerable; ensure SP3 (GW 8.0) or SP1 (GW 2012) or later is applied before relying solely on network detection.
  • Metasploit module was tested on Novell GroupWise 8.02 HP2 over Windows 2003 SP2; behavior or traversal depth may differ on other OS platforms (e.g., Linux-hosted GroupWise).
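
The detection guidance above, as an added example (not part of the original entry or any vendor tooling): a log check that decodes each request target and flags only paths that actually climb above the web root, so a benign `/docs/../index.html` is not reported. It assumes Common Log Format lines from a proxy or listener in front of the agent HTTP ports, and goes slightly beyond the listed patterns by also normalising double-encoded sequences and backslashes; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so nested encodings collapse to plain text."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def escape_depth(target):
    """Return how many levels the path climbs above the web root (0 = stays inside)."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    depth = lowest = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        depth += -1 if segment == ".." else 1
        lowest = min(lowest, depth)
    return -lowest

def flag_traversal(log_lines):
    """Return (client, target, levels) for each request that leaves the web root."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        levels = escape_depth(match.group("target"))
        if levels > 0:
            hits.append((line.split(" ", 1)[0], match.group("target"), levels))
    return hits

# Constructed sample log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2012:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Oct/2012:10:00:02 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Oct/2012:10:01:00 +0000] "GET /' + "../" * 11 + 'windows/win.ini HTTP/1.1" 200 477',
    '198.51.100.7 - - [01/Oct/2012:10:01:05 +0000] "GET /help/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Oct/2012:10:02:00 +0000] "GET /%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for client, target, levels in flag_traversal(SAMPLE_LOG):
        print(f"ALERT {client} climbs {levels} level(s) above root: {target}")
```

A 200 response with a non-zero body size on a flagged request is the line to triage first, since it suggests the file was actually served.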