{"vuid":"VU#159203","idnumber":"159203","name":"Novell NetWare default installation contains sample files that disclose sensitive server information","keywords":["Novell NetWare","default configuration","Novonyx","default installation","sample files","sensitive information","server variable"],"overview":"Novell NetWare 5.1 is a network management operating system that enables access to files, printers, directories, email, databases, and other network interfaces, as well as providing a web interface. There is an insecure default configuration that places several sample applications in the webroot. Remote users may be able to use these applications to gain sensitive information about the server's configuration, and passwords.","clean_desc":"There are several sample applications that ship with Novell NetWare 5.1 and are installed in the webroot by default. If these applications are left in the webroot of a production machine, remote users may be able to gain sensitive information about the server's configuration, including passwords.","impact":"Remote users may be able to use these applications to gain sensitive information about the server's configuration, including passwords.","resolution":"Please see http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm.","workarounds":"Remove sample applications prior to placing the server into production.","sysaffected":"","thanks":"Thanks to ProCheckUp for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://www.procheckup.com/security_info/vuln_pr0201.html","http://www.procheckup.com/security_info/vuln_pr0203.html","http://www.securityfocus.com/bid/4874"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-06-10T21:02:46Z","publicdate":"2002-05-29T00:00:00Z","datefirstpublished":"2002-06-11T20:11:54Z","dateupdated":"2003-04-03T17:48:17Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"10","cam_impact":"4","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"7.5","cam_scorecurrentwidelyknown":"9","cam_scorecurrentwidelyknownexploited":"15","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.5,"vulnote":null}