What is CVE-2012-0419?

CVE-2012-0419 is a vulnerability in Novell Groupwise, classified under Path Traversal. Published 2012-09-28.

Is CVE-2012-0419 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Novell Groupwise

CVE-2012-0419

Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to read arbitrary files via directory traversal sequences in a request.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.751 (98.9th percentile) — read the EPSS interpretation.

Affected products

Novell Groupwise — versions 8.0, 8.00, 8.01
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_CONFIRM)
20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419) (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
20120921 DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419) (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Patch)

Frequently asked questions

What is CVE-2012-0419?: CVE-2012-0419 is a vulnerability in Novell Groupwise, classified under Path Traversal. Published 2012-09-28.
Is CVE-2012-0419 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.