Novell has identified an issue with the default configuration of GroupWise 6 and 6.5 WebAccess that could allow unauthorized access to the WebAccess server. This issue affects only systems running GroupWise 6 or 6.5 WebAccess on NetWare using the Apache 1.3x web server and where Apache is loaded using the GWAPACHE.CONF file.
3af321a0b71da464f106be0cbfd62b884c6d174fcc11563a1739cc9ed3673c13
<HTML>
<HEAD>
<TITLE>TID-10091330 Potential security issue with GroupWise WebAccess 6.0 and 6.5 ( 08MAR2004)</TITLE>
<!--*Robots NoIndex -->
<script language="javascript" type="text/javascript" src="http://www.novell.com/inc/hdr_script_common.js"></script>
<script language="javascript" type="text/javascript" src="http://www.novell.com/inc/hdr_script_tier3.js"></script>
<!--*Robots Index -->
<script language="JavaScript">
<!--
alwaysDown = "support";
//-->
</script>
</head>
<body style="margin:0px" marginwidth="0" marginheight="0" bgcolor="#ffffff" text="#000000" link="#ff9933" alink="#cccccc" vlink="#ff9933">
<!--------------------------------------------------------->
<!-- BEGIN HEADER -->
<!--*Robots NoIndex -->
<script language="javascript" type="text/javascript" src="http://www.novell.com/inc/hdr_tier3.js"></script>
<script language="javascript" type="text/javascript" src="http://www.novell.com/inc/hdr_script_navlinks.js"></script>
<script language="javascript" type="text/javascript" src="http://www.novell.com/inc/hdr_script_search.js"></script>
<!--*Robots Index -->
<!-- END HEADER -->
<!--------------------------------------------------------->
<!--------------------------------------------------------->
<!-- BEGIN BODY CONTENT -->
<table width="773" class="bodyCopy" cellspacing="0" cellpadding="0" border="0">
<tr>
<td width="10" background="/img/t3_leftnavbg.gif" rowspan="2"><img src="/img/spacer.gif" width="10" height="20" border="0" alt=""></td>
<td width="1" background="/img/dotline.gif" rowspan="2"><img src="/img/spacer.gif" width="1" height="20" border="0" alt=""></td>
<td width="173" valign="top" background="/img/t3_leftnavbg.gif">
<!--------------------------------------------------------->
<!-- BEGIN LEFT NAVIGATION -->
<SCRIPT LANGUAGE="JavaScript1.2" TYPE='text/javascript'>
<!--
var menuFile = "support.js";
// -->
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript1.2" SRC="http://www.novell.com/inc/nav/loader.js" TYPE='text/javascript'></SCRIPT>
<!-- END LEFT NAVIGATION -->
<!--------------------------------------------------------->
</td>
<td width="1" background="/img/dotline.gif" rowspan="2"><img src="/img/spacer.gif" width="1" height="20" border="0" alt=""></td>
<td width="17" rowspan="2"><img src="/img/spacer.gif" width="17" height="1" border="0" alt=""></td>
<td width="361" valign="top" rowspan="2"><br>
<!--------------------------------------------------------->
<!-- BEGIN CENTER CONTENT HERE -->
<!-- Begin Printer Friendly -->
<table border="0" width="520" cellspacing="0" cellpadding="0" >
<tr>
<td><img src="/img/spacer.gif" width="520" height="15" border="0" alt=""></td>
</tr>
<tr>
<td class="title">Technical Information Document</td>
</tr>
<tr>
<td class="subTitle"><b>Potential security issue with GroupWise WebAccess 6.0 and 6.5</b> - TID<b>10091330</b> (last modified 08MAR2004)</td>
</tr>
<tr>
<td><img src="/img/spacer.gif" width="520" height="20" border="0" alt=""></td>
</tr>
</table>
<!-- Begin Rater -->
<table border="0" width="520" cellspacing="0" cellpadding="0" >
<tr>
<td align="right">
<table width="1" border="0" cellspacing="0" cellpadding="0">
<tr>
<td background="/img/dotlinebg_vert.gif"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
<td><a href="http://www.novell.com/inc/pf/pf.jsp"><img src="/img/printer_friendly.gif" width="113" height="18" border="0" alt="printer friendly"></a></td>
<td background="/img/dotlinebg_vert.gif"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
<td><a href="#" onClick="javascript:window.open('http://www.novell.com/info/sendemail.jsp?url=' + document.location.href, 'new', 'resizable=yes, screenX=200, screenY=200, top=200, left=200, width=535, height=400')"><img src="/img/tell_friend.gif" width="98" height="18" border="0" alt="tell a friend"></a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td background="/img/dotlinebg_horiz.gif" colspan="5"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td width="520" colspan="5"><img src="/img/spacer.gif" width="347" height="7" border="0" alt=""></td>
</tr>
<tr>
<td class="bodyCopy" colspan="5">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="bodyCopy"><a href="http://support.novell.com/search/notsolve.html">Click here if this does not solve your problem <img src="/img/h_link-arrow.gif" border="0" alt=""></a></td>
</tr>
<tr>
<td><img src="/img/spacer.gif" width="1" height="15" border="0" alt=""></td>
</tr>
<script language="javascript" type="text/javascript" src="http://www.novell.com/inc/feedbackdata.js"></script>
<!-- <tr>
<td background="/img/dotlinebg_horiz.gif"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr> -->
<tr>
<td>
<!-- <table width="520" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="bodyCopy" width="1">Reader Rating </td>
<td background="/img/dotlinebg_vert.gif" width="1"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
<td bgcolor="#EDEEEC" width="1"><script language="javascript" type="text/javascript"> document.write (picturl);</script></td>
<td background="/img/dotlinebg_vert.gif" width="1"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
<td class="bodyCopy" width="100%"> from <script language="javascript" type="text/javascript"> document.write (numReviews);</script> ratings</td>
<td align="right" width="1"><a href="#" onclick="javascript: window.open('http://www.novell.com/inc/rater.jsp?url=' + document.location.href,'_blank','height=165,width=225,menubar=no,status=no');">
<img src="http://www.novell.com/img/rate_this.gif" border="0" alt="rate this article"></a></td>
</tr>
</table> -->
</td>
</tr>
<tr>
<!-- <td background="/img/dotlinebg_horiz.gif"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td> -->
</tr>
<tr>
<td><img src="/img/spacer.gif" width="1" height="4" border="0" alt=""></td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="5"><img src="/img/spacer.gif" width="30" height="12" border="0" alt=""></td>
</tr>
</table>
<!-- End Rater -->
<!----HTML Body Starts Here--->
10091330
10091330
10091330
<META NAME="TID_Number" CONTENT="10091330">
<META NAME="Modified_Date" CONTENT="20040308">
<META NAME="Creation_Date" CONTENT="20040217">
<META NAME="TID_Status" CONTENT="Released">
<META NAME="TID_Type" CONTENT="Corrective">
<META NAME="Product_Class" CONTENT="Groupware">
<META NAME="Product_and_Version" CONTENT="GroupWise">
<META NAME="Abstract" CONTENT="Potential security issue with GroupWise WebAccess 6.0 and 6.5">
<META NAME="First_Time" CONTENT="TRUE">
<meta name="WebDisplay" content="16963">
<META NAME="Flag_Security_Alert" CONTENT="True">
<!--Start Fact-->
<table border="0" width="520" cellspacing="0" cellpadding="0">
<tr>
<td width="14"><img src="/img/h_arrow.gif" width="14" height="26" border="0" alt=""></td>
<td width="347" class="head3" valign="bottom">fact</td>
</tr>
<tr>
<td background="/img/dotlinebg_horiz.gif" colspan="5"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td width="14"><img src="/img/spacer.gif" width="14" height="7" border="0" alt=""></td>
<td width="347"><img src="/img/spacer.gif" width="347" height="7" border="0" alt=""></td>
</tr>
<tr>
<td class="bodyCopy" colspan="2">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="bodyCopy">
<P>Apache Web Server 1.3x for NetWare
<P>Novell GroupWise 6
<P>Novell GroupWise 6 WebAccess
<P>Novell GroupWise 6.5
<P>Novell GroupWise 6.5 WebAccess
<P>Novell NetWare 6.0
</td>
</tr>
<tr>
<td><img src="/img/spacer.gif" width="1" height="4" border="0" alt=""></td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2"><img src="/img/spacer.gif" width="30" height="12" border="0" alt=""></td>
</tr>
</table>
<!--Stop Fact-->
<!--Start Symptom-->
<table border="0" width="520" cellspacing="0" cellpadding="0">
<tr>
<td width="14"><img src="/img/h_arrow.gif" width="14" height="26" border="0" alt=""></td>
<td width="347" class="head3" valign="bottom">symptom</td>
</tr>
<tr>
<td background="/img/dotlinebg_horiz.gif" colspan="5"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td width="14"><img src="/img/spacer.gif" width="14" height="7" border="0" alt=""></td>
<td width="347"><img src="/img/spacer.gif" width="347" height="7" border="0" alt=""></td>
</tr>
<tr>
<td class="bodyCopy" colspan="2">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="bodyCopy">
<P>Potential security issue with GroupWise WebAccess
</td>
</tr>
<tr>
<td><img src="/img/spacer.gif" width="1" height="4" border="0" alt=""></td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2"><img src="/img/spacer.gif" width="30" height="12" border="0" alt=""></td>
</tr>
</table>
<!--Stop Symptom-->
<!--Start Cause-->
<table border="0" width="520" cellspacing="0" cellpadding="0">
<tr>
<td width="14"><img src="/img/h_arrow.gif" width="14" height="26" border="0" alt=""></td>
<td width="347" class="head3" valign="bottom">cause</td>
</tr>
<tr>
<td background="/img/dotlinebg_horiz.gif" colspan="5"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td width="14"><img src="/img/spacer.gif" width="14" height="7" border="0" alt=""></td>
<td width="347"><img src="/img/spacer.gif" width="347" height="7" border="0" alt=""></td>
</tr>
<tr>
<td class="bodyCopy" colspan="2">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="bodyCopy">
<P>Novell has identified an issue with the default configuration of GroupWise 6 and 6.5 WebAccess that could allow unauthorized access to the WebAccess server. This issue affects only systems running GroupWise 6 or 6.5 WebAccess on NetWare using the Apache 1.3x web server and where Apache is loaded using the GWAPACHE.CONF file. Customers using a different web server (such as Novell Enterprise or Apache 2) should not be affected.
</td>
</tr>
<tr>
<td><img src="/img/spacer.gif" width="1" height="4" border="0" alt=""></td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2"><img src="/img/spacer.gif" width="30" height="12" border="0" alt=""></td>
</tr>
</table>
<!--Stop Cause-->
<!--Start Fix-->
<table border="0" width="520" cellspacing="0" cellpadding="0">
<tr>
<td width="14"><img src="/img/h_arrow.gif" width="14" height="26" border="0" alt=""></td>
<td width="347" class="head3" valign="bottom">fix</td>
</tr>
<tr>
<td background="/img/dotlinebg_horiz.gif" colspan="5"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td width="14"><img src="/img/spacer.gif" width="14" height="7" border="0" alt=""></td>
<td width="347"><img src="/img/spacer.gif" width="347" height="7" border="0" alt=""></td>
</tr>
<tr>
<td class="bodyCopy" colspan="2">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="bodyCopy">
<P>To prevent unauthorized access to a GroupWise WebAccess server, you can edit the permissions section of the GWAPACHE.CONF file just under where the DocumentRoot is specified: <BR>
<P></P>
<P>By default, that section reads:</P>
<P># First, we configure the "default" to be a very restrictive set of <BR># permissions. <BR>#<BR><Directory "/"><BR> Options FollowSymLinks<BR> AllowOverride None<BR></Directory></P>
<P>That section <STRONG>should</STRONG> read:</P>
<P><Directory "/"><BR> Options FollowSymLinks<BR> AllowOverride None<BR> Order deny,allow<BR> deny from all<BR></Directory>
<P>To resolve this issue, you can perform a full installation of the most recent field-test file for 6.5 SP2 WebAccess (FWA652E.EXE or later), which is available from <a href=http://support.novell.com/filefinder>http://support.novell.com/filefinder</a>
</td>
</tr>
<tr>
<td><img src="/img/spacer.gif" width="1" height="4" border="0" alt=""></td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2"><img src="/img/spacer.gif" width="30" height="12" border="0" alt=""></td>
</tr>
</table>
<!--Stop Fix-->
<table border="0" width="520" cellspacing="0" cellpadding="0">
<tr>
<td background="/img/dotlinebg_horiz.gif" colspan="5"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td width="14"><img src="/img/spacer.gif" width="14" height="12" border="0" alt=""></td>
<td width="347"><img src="/img/spacer.gif" width="347" height="12" border="0" alt=""></td>
</tr>
<tr>
<td class="bodyCopy" colspan="2">
<table cellpadding="2" cellspacing="0" border="0">
<TR>
<td class="bodyCopy" VALIGN=top><B>Document Title:</B></TD>
<td class="bodyCopy" VALIGN=top><!--Start Title-->Potential security issue with GroupWise<!--Stop Title--></TD>
<TR>
<td class="bodyCopy" VALIGN=top><B>Document ID:</B></TD>
<td class="bodyCopy" VALIGN=top><!--Start ID-->10091330<!--Stop ID--></TD>
<TR>
<td class="bodyCopy" VALIGN=top><B>Solution ID:</B></TD>
<td class="bodyCopy" VALIGN=top><!--Start Solution ID-->NOVL95659<!--Stop Solution ID--></TD>
<TR>
<td class="bodyCopy" VALIGN=top><B>Creation Date:</B></TD>
<td class="bodyCopy" VALIGN=top><!--Start Creation-->17FEB2004<!--Stop Creation--></TD>
<TR>
<td class="bodyCopy" VALIGN=top><B>Modified Date:</B></TD>
<td class="bodyCopy" VALIGN=top><!--Start Modified-->08MAR2004<!--Stop Modified--></TD>
<TR>
<td class="bodyCopy" VALIGN=top><B>Novell Product Class:</B></TD>
<td class="bodyCopy" VALIGN=top><!--Start Class-->Groupware<!--Stop Class--></TD>
</TABLE>
</td>
<td><img src="/img/spacer.gif" width="1" height="4" border="0" alt=""></td>
</tr>
</table>
<a name="disclaimer"></a>
<p>
<table border="0" width="520" cellspacing="0" cellpadding="0">
<tr>
<td background="/img/dotlinebg_horiz.gif" colspan="5"><img src="/img/spacer.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td width="14"><img src="/img/spacer.gif" width="14" height="7" border="0" alt=""></td>
<td width="347"><img src="/img/spacer.gif" width="347" height="7" border="0" alt=""></td>
</tr>
<tr>
<td class="bodyCopy" colspan="2">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td class="bodyCopy">
<b>Disclaimer</b><p>
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
<P>Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="2"><img src="/img/spacer.gif" width="30" height="25" border="0" alt=""></td>
</tr>
</table>
<!--Start ProdTree
Groupware {GRPWARE}
GroupWise {GRPWISE}
GroupWise 6.5 {GW65}
WebAccess - GW65 {GW65WA}
Webserver Integration - GW65WA {GW65WAWI}
Apache on NetWare - GW65WAWI {GW65WAWIAN}
Stop ProdTree-->
<!-- End Printer Friendly -->
</td>
<td width="50" rowspan="2"><img src="/img/spacer.gif" width="50" height="1" border="0" alt=""></td>
<td width="1" background="/img/dotline.gif" rowspan="2"><img src="/img/spacer.gif" width="1" height="400" border="0" alt=""></td>
</tr>
<tr>
<td width="173" valign="bottom" background="/img/t3_leftnavbg.gif"><img src="/img/t3_nfig2.gif" width="173" height="280" border="0" alt=""></td>
</tr>
</table>
<!-- END BODY CONTENT -->
<!--------------------------------------------------------->
<!--------------------------------------------------------->
<!-- BEGIN FOOTER -->
<!--*Robots NoIndex -->
<script language="javascript1.2" type="text/javascript" src="http://www.novell.com/inc/footer.js"></script>
<script language="javascript1.2" type="text/javascript" src="http://www.novell.com/inc/superstats.js"></script>
<!--*Robots Index -->
<!-- END FOOTER -->
<!--------------------------------------------------------->
</body>
</html>