GroupWise WebAccess Javascript Cross-Site Scripting (XSS) Security Vulnerability
This document (7006375) is provided subject to the disclaimer at the end of this document.
Environment
Novell GroupWise 7
Novell GroupWise 8
Novell GroupWise WebAccess
Novell GroupWise 8
Novell GroupWise WebAccess
Situation
Novell GroupWise WebAccess is vulnerable to a Javascript XSS exploit in which viewing a specially formatted message could cause users to be redirected to a malicious website.
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by scriptjunkie scriptjunkie1 {nospam} googlemail {nospam} com working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com)
Novell bug 599865, ZDI-CAN-710, CVE-2010-2778
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by scriptjunkie scriptjunkie1 {nospam} googlemail {nospam} com working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com)
Novell bug 599865, ZDI-CAN-710, CVE-2010-2778
Resolution
For GroupWise 8, update to Support Pack 2 (SP2) or later.
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)
Status
Security AlertDisclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7006375
- Creation Date:30-JUN-10
- Modified Date:27-APR-12
- NovellGroupWise
Did this document solve your problem? Provide Feedback