Reported October 16, 2001, by Mike Shema.
Novell GroupWise 5.5, 6.0 for Windows 2000
A vulnerability exists in Novell’s GroupWise server that lets an attacker view files located anywhere on the server. The servlet “webacc”, located in /servlet/, typically accesses templates located in the webroot. However, if an attacker knows a file’s name and location and appends a null character to the filename, the servlet also permits full directory-path traversal.
Mike Shema provided the following scenario as proof-of-concept. By typing the following into the address window of an Internet browser, a user can display the contents of boot.ini.
The vendor, Novell, recommends that users obtain a fix available through regular support channels.
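The class of flaw described above (a template name that escapes the webroot once a null character is appended) can be closed off by validating the name before it reaches any file API. The following is an added defensive example, not Novell's code or fix; the function name `resolve_template`, the allowed extensions and the character policy are assumptions made for illustration.

```python
import os
import re

# Assumed policy for this example: template names use a small safe
# character set and must end in one of these extensions.
ALLOWED_EXT = (".htt", ".html")
SAFE_NAME = re.compile(r"[A-Za-z0-9_\-./]+")


def resolve_template(webroot, name):
    """Return the absolute path of template `name` under `webroot`.

    `name` is the already URL-decoded parameter value. Raises ValueError
    for anything that could leave the webroot or truncate the path.
    """
    # A NUL (or other control character) ends the string early in C-level
    # file APIs, so an extension check on the full string proves nothing.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        raise ValueError("control character in template name")
    # Windows accepts both separators; normalise before inspecting parts.
    norm = name.replace("\\", "/")
    # Rejects drive letters, leftover percent-encoding and empty names.
    if not SAFE_NAME.fullmatch(norm):
        raise ValueError("unexpected character in template name")
    if norm.startswith("/") or ".." in norm.split("/"):
        raise ValueError("absolute or parent-relative template name")
    if not norm.lower().endswith(ALLOWED_EXT):
        raise ValueError("template extension not allowed")
    root = os.path.realpath(webroot)
    full = os.path.realpath(os.path.join(root, *norm.split("/")))
    # Final containment check after symlinks and '.' segments are resolved.
    if os.path.commonpath([root, full]) != root:
        raise ValueError("resolved path escapes webroot")
    return full


def is_accepted(webroot, name):
    """Convenience wrapper: True if `name` passes validation."""
    try:
        resolve_template(webroot, name)
        return True
    except ValueError:
        return False
```

The control-character check runs first because every later check inspects the whole string, while a file API that stops at the null would open only the part before it.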