Support Home Communities Home   Search Today's Posts Mark Forums Read
Notices


 
 
LinkBack Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 29-Oct-2009, 07:45 AM
Member
  
Join Date: Jul 2008
Posts: 44
vjmurray 0 reputation points
Default Security @ WebAccess
Our county ran security audits and came back with a report. Our WebAccess
is at their firewall and they gave me these issues:

1. The remote web server seems to transmit credentials in clear text.
page:/manager/html:/realm="Tomcat Manager Application"

2. The remote web server might transmit credentials in clear text.
Page:"/gw/webacc"

3. The remote webserver contains a JSP application that is affected by a
cross site scripting vulnerability. The remote web server includes an
example JSP application, cal2.jsp that fails to sanitize user-supplied input
before using it to generate dynamic content.

4. the web application running on the remote host has across-site scripting
vulnerability. Description: The remot host is running Novell GroupWise
WebAccess and is vulnerable to a cross-site scripting issue in the User.lang
field of the login page.

Our GroupWise System is version 7.0.2 and is ssl End to End. except maybe
this web server? Any suggestions on how to fix would be greatly
appreciated.

--
TheSwtLdy


Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -6. The time now is 12:58 PM.
Contact Us - NOVELL FORUMS - Archive - Privacy Statement - Top

© 2007 Novell, Inc. All Rights Reserved.

Search Engine Friendly URLs by vBSEO 3.3.0 RC2