Novell GroupWise WebAccess component cross-site scripting

novell-groupwise-webaccess-xss (21421)

Medium Risk

Description:

Novell GroupWise is vulnerable to cross-site scripting caused by improper validation of user-supplied input in the WebAccess component. A remote attacker could send a malicious URL containing embedded code which, once the link is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

• Novell, GroupWise WebAccess 6.0 SP4
• Novell, GroupWise WebAccess 6.5 SP4
• Novell, GroupWise WebAccess 6.5 SP2
• Novell, GroupWise WebAccess 6.5 SP1
• Novell, GroupWise WebAccess 6.5
• Novell, GroupWise WebAccess 6.5 SP3

Remedy:

Upgrade to the latest version of Novell GroupWise (6.5 dated after 2005-07-11 or SP5 Field Test File revision D or later), available from the Novell Download Web page. See References.

Consequences:

Gain Access

References:

• BugTraq Mailing List, Tue Jul 19 2005 - 07:46:55 CDT, [ISR] - Novell Groupwise WebAccess Cross-Site Scripting at http://archives.neohapsis.com/archives/bugtraq/2005-07/0322.html.
• Novell Downloads Web site, Novell Downloads at http://download.novell.com/index.jsp?search=Search&families=2650&x=17&y=11.
• Novell GroupWise Web page, Groupwise at http://www.novell.com/products/groupwise/.
• Novell Security Advisory TID10098301 , Cross-site scripting vulnerability in Webaccess at http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098301.htm.
• Novell Security Advisory TID2971890 , FTF: GroupWise 6.5.5 WebAccess Rev D (NW/Win) at http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971890.htm.
• BID-14310: Novell GroupWise WebAccess HTML Injection Vulnerability
• BID-25126: Novell GroupWise WebAccess User.Id Parameter Cross Site Scripting Vulnerability
• CVE-2005-2276: Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. jAvascript in an IMG tag.
• OSVDB ID: 18064: Novell GroupWise WebAccess E-Mail IMG SRC XSS
• SA16098: Novell GroupWise WebAccess Script Insertion Vulnerability
• SECTRACK ID: 1014515: Novell GroupWise Webaccess Lets Remote Users Conduct Cross-Site Scripting Attacks

Reported:

Jul 19, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page