CVE-2002-1436

Novell NetWare 5.1 and 6 - Remote Code Execution via Perl Web Handler

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1436. PoCs published by Dan Elder.

AI-analyzed exploit summary This exploit targets a vulnerability in Novell NetWare's Perl handler for HTTP requests, allowing arbitrary Perl code execution. It crafts a malicious HTTP POST request to execute commands, read/write files, or potentially execute system commands on vulnerable systems.

Description

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Dan Elder · perlremotenovell
https://www.exploit-db.com/exploits/21731

This exploit targets a vulnerability in Novell NetWare's Perl handler for HTTP requests, allowing arbitrary Perl code execution. It crafts a malicious HTTP POST request to execute commands, read/write files, or potentially execute system commands on vulnerable systems.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Novell NetWare (versions 5.1, 5.1 SP4, 6.0, 6.0 SP1 with Perl 5.003)
No auth needed
Prerequisites: Target must be running vulnerable Novell NetWare with Perl 5.003 · Perl CGI handler must be accessible via HTTP
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9916.php
Vendor Advisory x_refsource_confirm
http://support.novell.com/servlet/tidfinder/2963307
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5520
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html

Scores

EPSS 0.0716
EPSS Percentile 93.5%

Details

Status published
Products (2)
novell/netware 5.1 (2 CPE variants)
novell/netware 6.0 (2 CPE variants)
Published Apr 11, 2003
Tracked Since Feb 18, 2026