CVE-2008-5696

Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/32989	Vendor Advisory
http://www.novell.com/support/viewContent.do?externalId=7001907
http://www.securityfocus.com/bid/32657
http://www.securitytracker.com/id?1021350
http://www.vupen.com/english/advisories/2008/3368
https://exchange.xforce.ibmcloud.com/vulnerabilities/47104

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:novell:netware::sp7::::::*
	cpe:2.3:o:novell:netware:6.5:::::::*
	cpe:2.3:o:novell:netware:6.5:sp1::::::
	cpe:2.3:o:novell:netware:6.5:sp1.1a::::::
	cpe:2.3:o:novell:netware:6.5:sp1.1b::::::
	cpe:2.3:o:novell:netware:6.5:sp2::::::
	cpe:2.3:o:novell:netware:6.5:sp3::::::
	cpe:2.3:o:novell:netware:6.5:sp4::::::
	cpe:2.3:o:novell:netware:6.5:sp5::::::
	cpe:2.3:o:novell:netware:6.5:sp6::::::

History

No history.

Information

Published : 2008-12-19 18:30

Updated : 2017-08-08 01:33

NVD link : CVE-2008-5696

Mitre link : CVE-2008-5696

CVE.ORG link : CVE-2008-5696

JSON object : View

Products Affected

novell

netware

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2008-5696", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-12-19T18:30:00.483", "references": [{"url": "http://secunia.com/advisories/32989", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.novell.com/support/viewContent.do?externalId=7001907", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32657", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021350", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3368", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47104", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations."}, {"lang": "es", "value": "Novell NetWare 6.5, en versiones anteriores al Support Pack 8, cuando un servidor Linux OES2 se instala en el \u00e1rbol NDS, no requiere una contrase\u00f1a para la consola ApacheAdmin, lo que permite a atacantes remotos reconfigurar el Servidor HTTP Apache a trav\u00e9s de operaciones de consola."}], "lastModified": "2017-08-08T01:33:28.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:novell:netware:*:sp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "174FE537-D73F-4230-AED1-B9F1C4182C08", "versionEndIncluding": "6.5"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D328A81E-DC60-4B67-B707-F0AD9A6F48E2"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CEB9CEA-9245-490F-88F6-EFD23B11A19B"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp1.1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0669D0E2-AB83-44AE-A87C-C7EB7AA2953A"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp1.1b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "062E2A9A-CF88-4844-B5A1-7418722087D9"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F8E031C-CE1F-410F-8F32-B3E33719C498"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87F80FDC-7851-4EA8-BC7D-87B85C6BB93C"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C3AB68F-1D78-4217-9C56-B1B25F62FF38"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F7A41C8-4332-4F8C-A297-6850C05B3EB6"}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DC7371E-6D35-4C9A-B688-E14391D9B953"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}