Potential XSS security vulnerability in Welcome web-app

This document (3319127) is provided subject to the disclaimer at the end of this document.

Environment

Novell Apache on NetWare 2.0.48

Novell NetWare 6.5 Support Pack 5

Novell NetWare 6.5 Support Pack 6

Situation

A potential Cross-Site Scripting vulnerability has been reported against the Welcome web-app on NetWare 6.5.

Resolution

This was resolved with NetWare 6.5 Support Pack 7 and newer.

Another work-around is to disable the Welcome web-app.

To disable the Welcome Web-app, remark out the following line in SYS:APACHE2/CONF/HTTPD.CONF:

Include"SYS:/adminsrv/webapps/welcome/web-inf/welcome-apache.conf"

by putting a'#' character in front of it, like this:

# Include"SYS:/adminsrv/webapps/welcome/web-inf/welcome-apache.conf"

Status

Reported to Engineering
Security Alert

Bug Number

227730

Document

Document ID:	3319127
Creation Date:	01-08-2007
Modified Date:	12-24-2008
Novell Product:	Apache
Novell Product:	NetWare

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.