Signature Detail

HTTP: Novell GroupWise WebAccess Cross Site Scripting Attempt

This signature detects attempts to exploit a known vulnerability against GroupWise WebAccess. Attackers can bypass security restrictions to conduct a cross-site scripting attack.

Extended Description

Novell GroupWise WebAccess is prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions or conduct cross-site scripting attacks. Note that some of the issues may be related to BID 35061. We will update this BID as more information emerges. Versions prior to WebAccess 7.03 HP3 and 8.0.0 HP2 are vulnerable.

Affected Products

• Novell Groupwise 7.0.0
• Novell Groupwise 7.0.0 SP1
• Novell Groupwise 7.0.0 SP2
• Novell Groupwise 7.0.0 SP3
• Novell Groupwise 7.01
• Novell Groupwise 7.02X
• Novell Groupwise 7.03
• Novell Groupwise 7.03Hp1a
• Novell Groupwise 7.03 HP2
• Novell Groupwise 8.0
• Novell Groupwise 8.0 HP1

References

• BugTraq: 35066
• CVE: CVE-2009-1635
• URL: http://www.novell.com/support/viewContent.do?externalId=7003267&sliceId=1