CVE-2009-1634

Novell GroupWise <7.03 HP3-8.0 HP2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1634. PoCs published by Gregory Duchemin.

AI-analyzed exploit summary This is a functional XSS exploit for Novell GroupWise WebAccess that bypasses security restrictions by using an obfuscated onload event handler to extract the session token and inject an iframe, modifying the user's signature. The exploit leverages a space character to evade the security parser.

Description

The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gregory Duchemin · textremotemultiple

https://www.exploit-db.com/exploits/33007

View Code ZIP pw:eip

This is a functional XSS exploit for Novell GroupWise WebAccess that bypasses security restrictions by using an obfuscated onload event handler to extract the session token and inject an iframe, modifying the user's signature. The exploit leverages a space character to evade the security parser.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Novell GroupWise WebAccess < 7.03 HP3, < 8.0.0 HP2

Auth required

Prerequisites: Victim must open the malicious email · Valid session token in the URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1393

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35177

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/viewContent.do?externalId=7003266&sliceId=1

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35066

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/50688

Vendor Advisory x_refsource_misc

https://bugzilla.novell.com/show_bug.cgi?id=472979

Scores

EPSS 0.0722

EPSS Percentile 93.5%

Details

Status published

Products (6)

novell/groupwise 7.0

novell/groupwise 7.0.0 sp1 (2 CPE variants)

novell/groupwise 7.0.2

novell/groupwise 7.0.3

novell/groupwise 7.03 hp1a (2 CPE variants)

novell/groupwise 8.0 (2 CPE variants)

Published May 26, 2009

Tracked Since Feb 18, 2026