FrSIRT Security Advisories - Novell NetWare Apache HTTP-Header Remote Information Disclosure Vulnerability / Exploit

FrSIRT Security Advisories - Novell NetWare Apache HTTP-Header Remote Information Disclosure Vulnerability / Exploit

A vulnerability has been identified in Novell NetWare and GroupWise, which could be exploited by remote attackers to gain knowledge of sensitive information. This issue is caused by an error in Apache that exposes system specifics in the "Content-Location" HTTP header, which could be exploited by attackers to disclose the internal IP of an Apache web server sitting behind a Proxy server or NAT device.

NWAddIn - a new NetWare tool

NWAddIn is a tool to extend NetWare reporting via Microsoft Excel. As the author, Thomas Roll, says:

The intention of this code is to provide a simple set of functions that, when included in an Excel spreadsheet, can be used to extract basic MIS information of Novell Netware environments based on basic Server and Volume parameters and values. This represents a simple and convenient way in which to extract basic information about disk space availability, server connection usage etc.

In most setups - it will not be required to authenticate/login to the NDS tree in order to get basic information such as disk space statistics or server uptime.

The individual functions have been put together based on information published on the Novell Developer Network about the use of the Novell Client API calls, and sample code published. A special thanks to Karl Durrance - without his work on the Novell clsNovellAPI VB 6 class, I would never have been able to put this library together.

The code will in time be added to in order to provide further functionality to aid in the monitoring and management of Novell Netware environments.

We're not toast yet!

The city of Seattle recently placed a want ad for a Technical Analyst (paying $1000 - $1500 per week) with one requirement being:

"four years of technical experience with knowledge in managing current Netware technology, including two years of experience architecting, installing, configuring, and administering 6.x NetWare servers."

Dust off that CNE 6, guys - it's still relevant.