Novell GroupWise GWWEB.EXE HTMLVER Web Server Path Disclosure
Remote / Network Access
Loss of Integrity
Novell Groupware contains a flaw that allows a remote attacker to determine the physical path of the web server. By supplying any invalid content to the HTMLVER variable of the GWWEB.EXE program, the resulting error page will include the web server's physical path.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: remove the GWWEB.EXE application or deny access to it.