GEN:SID 1:1389
Message WEB-MISC viewcode.jse access
Summary Someone attempted to access the potentially vulnerable sample script
viewcode.jse, which ships with Netware 5.1 and Nombas ScriptEase
WebServer Edition.  This may allow an attacker to view any file on the
system.
Impact An attacker may have been able to read the contents of any file on the
web server.
Detailed Information Nombas ScriptEase WebServer Edition is a Javascript environment for web
servers.  As shipped, it comes with a sample script called "viewcode.jse"
that contains a vulnerability.  This vulnerability allows an attacker
to view any file on the web server.  The web server that ships with
Novell Netware 5.1 before SP3 contains this vulnerability.
Affected Systems  
Attack Scenarios Attacker sends a simple URL like the following:
http://target/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/somefile
Ease of Attack Very simple handcrafted URL.  Attacker must make educated guesses as to
filesystem layout.
Corrective Action Examine the packet to see if a malicious web request was being done.
Try to determine what the requested file was, and determine
from the web server's configuration whether it was a threat or not
(e.g., whether the requested file even existed and whether the web
server contained the viewcode.jse sample script).  The existence of
sample scripts on a web server may indicate larger vulnerabilities.
Additional References  
Rule References bugtraq: 3715