Novell GroupWise GWWEB.EXE HELP Web Server Path Disclosure
Remote / Network Access
Loss of Integrity
Novell Groupwise contains a flaw that allows a remote attacker to discover the physical path of the web server installation. By providing any bad input for the HELP variable of the GWWEB.EXE program, the attacker will receive an error page with the physical path.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: remove the GWWEB.EXE application or deny access to it.