Technical Information Document
Potential security issue with GroupWise WebAccess 6.0 and 6.5 - TID10091330 (last modified 08MAR2004)
printer friendly tell a friend
Click here if this does not solve your problem
10091330 10091330 10091330
fact

Apache Web Server 1.3x for NetWare

Novell GroupWise 6

Novell GroupWise 6 WebAccess

Novell GroupWise 6.5

Novell GroupWise 6.5 WebAccess

Novell NetWare 6.0

symptom

Potential security issue with GroupWise WebAccess

cause

Novell has identified an issue with the default configuration of GroupWise 6 and 6.5 WebAccess that could allow unauthorized access to the WebAccess server.  This issue affects only systems running GroupWise 6 or 6.5 WebAccess on NetWare using the Apache 1.3x web server and where Apache is loaded using the GWAPACHE.CONF file.  Customers using a different web server (such as Novell Enterprise or Apache 2) should not be affected.

fix

To prevent unauthorized access to a GroupWise WebAccess server, you can edit the permissions section of the GWAPACHE.CONF file just under where the DocumentRoot is specified:

By default, that section reads:

# First, we configure the "default" to be a very restrictive set of
# permissions. 
#
<Directory "/">
    Options FollowSymLinks
    AllowOverride None
</Directory>

That section should read:

<Directory "/">
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    deny from all
</Directory>

To resolve this issue, you can perform a full installation of the most recent field-test file for 6.5 SP2 WebAccess (FWA652E.EXE or later), which is available from http://support.novell.com/filefinder

Document Title: Potential security issue with GroupWise
Document ID: 10091330
Solution ID: NOVL95659
Creation Date: 17FEB2004
Modified Date: 08MAR2004
Novell Product Class: Groupware

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.