{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "netware-apacheadmin-security-bypass(47104)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47104"}, {"name": "32989", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32989"}, {"name": "ADV-2008-3368", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3368"}, {"name": "32657", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32657"}, {"name": "1021350", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021350"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.novell.com/support/viewContent.do?externalId=7001907"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5696", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "netware-apacheadmin-security-bypass(47104)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47104"}, {"name": "32989", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32989"}, {"name": "ADV-2008-3368", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3368"}, {"name": "32657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32657"}, {"name": "1021350", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021350"}, {"name": "http://www.novell.com/support/viewContent.do?externalId=7001907", "refsource": "CONFIRM", "url": "http://www.novell.com/support/viewContent.do?externalId=7001907"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:44.153Z"}, "title": "CVE Program Container", "references": [{"name": "netware-apacheadmin-security-bypass(47104)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47104"}, {"name": "32989", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32989"}, {"name": "ADV-2008-3368", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3368"}, {"name": "32657", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32657"}, {"name": "1021350", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021350"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.novell.com/support/viewContent.do?externalId=7001907"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5696", "datePublished": "2008-12-19T18:00:00", "dateReserved": "2008-12-19T00:00:00", "dateUpdated": "2024-08-07T11:04:44.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:novell:netware:*:sp7:*:*:*:*:*:*", "matchCriteriaId": "174FE537-D73F-4230-AED1-B9F1C4182C08", "versionEndIncluding": "6.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "D328A81E-DC60-4B67-B707-F0AD9A6F48E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*", "matchCriteriaId": "1CEB9CEA-9245-490F-88F6-EFD23B11A19B", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp1.1a:*:*:*:*:*:*", "matchCriteriaId": "0669D0E2-AB83-44AE-A87C-C7EB7AA2953A", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp1.1b:*:*:*:*:*:*", "matchCriteriaId": "062E2A9A-CF88-4844-B5A1-7418722087D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "0F8E031C-CE1F-410F-8F32-B3E33719C498", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp3:*:*:*:*:*:*", "matchCriteriaId": "87F80FDC-7851-4EA8-BC7D-87B85C6BB93C", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp4:*:*:*:*:*:*", "matchCriteriaId": "8C3AB68F-1D78-4217-9C56-B1B25F62FF38", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp5:*:*:*:*:*:*", "matchCriteriaId": "0F7A41C8-4332-4F8C-A297-6850C05B3EB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:novell:netware:6.5:sp6:*:*:*:*:*:*", "matchCriteriaId": "5DC7371E-6D35-4C9A-B688-E14391D9B953", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations."}, {"lang": "es", "value": "Novell NetWare 6.5, en versiones anteriores al Support Pack 8, cuando un servidor Linux OES2  se instala en el \u00e1rbol NDS, no requiere una contrase\u00f1a para la consola ApacheAdmin, lo que permite a atacantes remotos reconfigurar el Servidor HTTP Apache a trav\u00e9s de operaciones de consola."}], "id": "CVE-2008-5696", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-19T18:30:00.483", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32989"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/support/viewContent.do?externalId=7001907"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32657"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021350"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3368"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/support/viewContent.do?externalId=7001907"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32657"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1021350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/3368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47104"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}