Potential Security Vulnerability with Apache on NetWare 6.5 after installing OES2 Linux Server

  • 7001907
  • 17-Nov-2008
  • 26-Apr-2012


Novell Apache on NetWare 2.0.48
Novell NetWare 6.5 Support Pack 7
Novell NetWare 6.5 Support Pack 6
Novell NetWare 6.5 Support Pack 5


After installing an OES2 Linux server into a tree that is already running on NetWare 6.5, it is possible to access the ApacheAdmin console on NetWare without using a password.

NOTE:  Generally this problem is only seen when the NetWare server has been upgraded from an earlier version of NetWare 6.5 (i.e. Support Pack 2, Support Pack 3, etc.) to Support Pack 7. 


The fix to this issue is to apply support pack 8 to the server.