Potential XSS security vulnerability in Welcome web-app

  • Document ID:3319127
  • Creation Date:08-Jan-2007
  • Modified Date:27-Apr-2012
    • Micro Focus Products:
      NetWare

Environment

Novell Apache on NetWare 2.0.48
Novell NetWare 6.5 Support Pack 5
Novell NetWare 6.5 Support Pack 6

Situation

A potential Cross-Site Scripting vulnerability has been reported against the Welcome web-app on NetWare 6.5.

Resolution

This was resolved with NetWare 6.5 Support Pack 7 and newer.
 
Another work-around is to disable the Welcome web-app.
To disable the Welcome Web-app, remark out the following line in SYS:APACHE2/CONF/HTTPD.CONF:
Include"SYS:/adminsrv/webapps/welcome/web-inf/welcome-apache.conf"
by putting a'#' character in front of it, like this:
# Include"SYS:/adminsrv/webapps/welcome/web-inf/welcome-apache.conf"

Status

Reported to Engineering
Security Alert

Bug Number

227730