Environment
Novell GroupWise 7
Novell GroupWise 8
Novell GroupWise WebAccess
Novell GroupWise 8
Novell GroupWise WebAccess
Situation
Under certain circumstances, parameters passed to GroupWise WebAccess could potentially expose authentication information in the user's web browser.
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Kevin Lynn of The George Washington University (http://www.gwu.edu/)
Novell bug 576308, CVE-2010-2776
Affected versions:
GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04
GroupWise 8.0, 8.01x
This vulnerability was discovered and reported by Kevin Lynn of The George Washington University (http://www.gwu.edu/)
Novell bug 576308, CVE-2010-2776
Resolution
To resolve this issue:
For GroupWise 8.0 systems, apply GroupWise 8.0 Support Pack 2 (or later).
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)
For GroupWise 8.0 systems, apply GroupWise 8.0 Support Pack 2 (or later).
For GroupWise 7 systems, apply the GroupWise 7.0 post-SP4 Field Test File (FTF)