Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:MICROFOCUS-INDEX-XSS

Severity

 Major

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross Site Scripting

Release Date

 2016/11/14

Update Number

 2804

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross Site Scripting


A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. Successful exploitation would result in the execution of arbitrary script code in the context of the target user's browser.

Extended Description

Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2) PATH_INFO to gwadmin-console/index.jsp.

Affected Products

  • Novell groupwise 2012
  • Novell groupwise 2014

References

  • CVE: CVE-2016-5760
  • URL: https://www.novell.com/support/kb/doc.php?id=7017973

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out