PT-2004-2999 · Novell · Novell Netware Enterprise Web Server

Published: 2004-12-31 · Updated: 2018-10-30 · CVE-2004-2103

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Novell NetWare Enterprise Web Server versions 5.1 through 6.0

Description: A cross-site scripting issue allows remote attackers to execute arbitrary script or HTML as other users. This can be achieved through various means, including a malformed request for a Perl program with script in the filename, the User.id parameter to the webacc servlet, the GWAP.version parameter to webacc, or a URL request for a .bas file with script in the filename.

Recommendations: For Novell NetWare Enterprise Web Server versions 5.1 through 6.0, consider disabling the webacc servlet and restricting access to .bas and Perl files until a patch is available. Avoid using the User.id and GWAP.version parameters in the webacc servlet to minimize the risk of exploitation.
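
While the workarounds above are in place, web server access logs can be checked for requests that match the four vectors in the description. The following is an added example, not part of the original advisory or any Novell tooling; the log format (common log format), the `/servlet/webacc` and `/scripts/` paths, the `.pl` extension for Perl programs and all sample values are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names and the .bas extension come from the advisory text.
# ".pl" as the Perl program extension is an assumption.
WATCHED_PARAMS = {"User.id", "GWAP.version"}
WATCHED_EXTENSIONS = (".bas", ".pl")
MARKUP = re.compile(r"[<>\"']")  # characters needed to break into HTML
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(request_target):
    """Return the advisory vectors that a request target matches."""
    reasons = []
    parts = urlsplit(request_target)
    path = unquote(parts.path)
    # Substring match so markup placed after the extension is also caught.
    if MARKUP.search(path) and any(e in path.lower() for e in WATCHED_EXTENSIONS):
        reasons.append("markup in script filename")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and MARKUP.search(value):
            reasons.append("markup in " + name)
    return reasons

def scan(lines):
    """Return (line_number, reasons) for each access-log line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        reasons = classify(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log: paths, addresses and values are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:01 +0000] "GET /servlet/webacc?User.id=jsmith HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2005:10:00:02 +0000] "GET /servlet/webacc?User.id=%3Cscript%3Ex%3C/script%3E HTTP/1.0" 200 640',
    '192.0.2.11 - - [01/Jan/2005:10:00:03 +0000] "GET /servlet/webacc?GWAP.version=%22%3E%3Cb%3E HTTP/1.0" 200 640',
    '192.0.2.12 - - [01/Jan/2005:10:00:04 +0000] "GET /scripts/%3Cscript%3Ex%3C/script%3E.pl HTTP/1.0" 404 301',
    '192.0.2.12 - - [01/Jan/2005:10:00:05 +0000] "GET /scripts/%3Cb%3Etest.bas HTTP/1.0" 404 301',
    '192.0.2.13 - - [01/Jan/2005:10:00:06 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, ", ".join(reasons))
```

Values that legitimately contain a quote character will also be flagged, so hits are leads for review and not confirmed exploitation attempts.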

Fix


Related Identifiers

CVE-2004-2103

Affected Products

Novell Netware Enterprise Web Server