The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NetWare: Cross Site Scripting of Welcome web-app

Synthesis of the vulnerability 

The Welcome web application permits an attacker to exploit a Cross Site Scripting attack.
Impacted software: Netware.
Severity of this computer vulnerability: 2/4.
Creation date: 20/12/2006.
Références of this announce: 3319127, BID-21678, VIGILANCE-VUL-6418.

Description of the vulnerability 

The Welcome web application is located in the "/welcome" virtual directory of Apache (which corresponds for example to /usr/local/tomcat5/webapps/welcome).

This application permits an attacker to exploit a Cross Site Scripting attack.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat alert impacts software or systems such as Netware.

Our Vigil@nce team determined that the severity of this weakness announce is medium.

The trust level is of type unique source, with an origin of document.

An attacker with a expert ability can exploit this computer weakness bulletin.

Solutions for this threat 

NetWare: workaround for Welcome web-app.
A workaround is to comment Welcome in SYS:APACHE2/CONF/HTTPD.CONF:
  # Include "SYS:/adminsrv/webapps/welcome/web-inf/welcome-apache.conf"
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides an application vulnerability watch. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.