Computerworld

Vulnerability: GroupWise Web root disclosure

BugTraq says a vulnerability has been reported in some versions of GroupWise.

If a maliciously formatted web request is submitted to the GWWEB.EXE cgi process, an error message will be returned. This error message will include the full path of the script. Knowledge of the path to the web root may aid an attacker in performing further intelligent attacks against the vulnerable host. However, this has not been confirmed by Novell. Read more at http://www.securityfocus.com/bid/4206