CVE-2002-1437

Novell NetWare 5.1 and 6 - Directory Traversal via URL-Encoded Dot-Dot Backslash

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://support.novell.com/servlet/tidfinder/2963307
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5522
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9915.php

Scores

EPSS 0.0460
EPSS Percentile 89.4%

Details

Status published
Products (2)
novell/netware 5.1 (2 CPE variants)
novell/netware 6.0 (2 CPE variants)
Published Apr 11, 2003
Tracked Since Feb 18, 2026