Environment
Novell GroupWise WebAccess 7
Novell GroupWise WebAccess 6.5
Situation
A cross-site scripting flaw
exists with Novell GroupWise WebAccess within the login
page.
An outside
security researcher reported a cross-site scripting flaw in
GroupWise WebAccess.
This flaw is
due to insufficient sanitizationfor the form
variable GWAP.version.
Resolution
This has been fixed in any build of GroupWise 7 WebAccess
dated after July 27, 2006.
This has been fixed in any build of GroupWise 6.5
WebAccess dated after July 21, 2006.
Hot Patch for GroupWise 7 are available here: https://support.novell.com/filefinder/20641/beta.html
Field test files for GroupWise 6.5 are available here: https://support.novell.com/filefinder/16963/beta.html
Status
Security AlertAdditional Information
Vulnerability discovered by:
Jerome Odegaard.
Larson, Allen, Weishair & Co,.LLP
This vulnerability has been assigned the identifier CVE-2006-3818 by the CVE database.