CVE-2005-0296 (GCVE-0-2005-0296)
Vulnerability from cvelistv5 – Published: 2005-02-10 05:00 – Updated: 2024-08-07 21:05
VLAI?
Summary
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12285"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \"about\" information page. NOTE: the vendor has disputed this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050127 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html"
},
{
"name": "20050121 NOVL-2005-10096251 GroupWise WebAccess error handling modules (report)",
"refsource": "FULLDISC",
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html"
},
{
"name": "13135",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13135"
},
{
"name": "20050117 Novell GroupWise WebAccess error modules loading",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2"
},
{
"name": "http://support.novell.com/servlet/tidfinder/10096251",
"refsource": "MISC",
"url": "http://support.novell.com/servlet/tidfinder/10096251"
},
{
"name": "groupwise-error-auth-bypass(18954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18954"
},
{
"name": "12285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0296",
"datePublished": "2005-02-10T05:00:00",
"dateReserved": "2005-02-10T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"194704B6-4820-4398-8906-A1E529ED65AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E0DC694-0DEB-41DE-8A0D-9B649FC2F220\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"174646C1-60F8-4A84-9C0D-785303EBAF6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2F5DF0E-8158-4D2E-88CC-BBD7A031054E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"08A78BE7-6426-41CD-BBAF-9BB951726D33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E50599E1-45E5-443F-AAEC-F91778CA4792\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise_webaccess:6.0:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"24B28BB6-4A33-4A61-9810-9AB26911B490\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57EFCA37-C863-4E22-B231-B0A10E65594E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5298016B-B6E3-4236-B99F-57353A495B3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"27060485-FD94-4E73-87B6-2AE940F02283\"}]}]}]",
"cveTags": "[{\"sourceIdentifier\": \"cve@mitre.org\", \"tags\": [\"disputed\"]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \\\"about\\\" information page. NOTE: the vendor has disputed this issue\"}]",
"id": "CVE-2005-0296",
"lastModified": "2024-11-20T23:54:49.797",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2005-01-17T05:00:00.000",
"references": "[{\"url\": \"http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.novell.com/servlet/tidfinder/10096251\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/13135\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/12285\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/18954\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.novell.com/servlet/tidfinder/10096251\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/13135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/12285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/18954\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2005-0296\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-01-17T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the \\\"about\\\" information page. NOTE: the vendor has disputed this issue\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"194704B6-4820-4398-8906-A1E529ED65AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E0DC694-0DEB-41DE-8A0D-9B649FC2F220\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"174646C1-60F8-4A84-9C0D-785303EBAF6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.0:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F5DFFF8-7DCF-48E0-B43E-269EA4F3AE75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2F5DF0E-8158-4D2E-88CC-BBD7A031054E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AD18143-9962-4C0D-AD3D-66C0CF3FB5D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A78BE7-6426-41CD-BBAF-9BB951726D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise:6.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E50599E1-45E5-443F-AAEC-F91778CA4792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise_webaccess:6.0:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B28BB6-4A33-4A61-9810-9AB26911B490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise_webaccess:6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57EFCA37-C863-4E22-B231-B0A10E65594E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise_webaccess:6.5:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5298016B-B6E3-4236-B99F-57353A495B3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:novell:groupwise_webaccess:6.5:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"27060485-FD94-4E73-87B6-2AE940F02283\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.novell.com/servlet/tidfinder/10096251\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/13135\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/12285\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18954\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=110608203729814\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.novell.com/servlet/tidfinder/10096251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/13135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/12285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18954\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…