CVE-2002-1437

Description

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

Affected products

• Novell / netware5.1 – 5.1
• Novell / netware5.1 – 5.1
• Novell / netware6.0 – 6.0
• Novell / netware6.0 – 6.0

References

• MISChttp://support.novell.com/servlet/tidfinder/2963307
• MISChttp://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
• MISChttp://www.securityfocus.com/bid/5522
• MISChttp://www.iss.net/security_center/static/9915.php