In association with heise online

« previous | next »
16 April 2009, 12:35

Novell Teaming vulnerabilities patched

SEC Consult, a security consulting service, has advised of three vulnerabilities in Teaming, Novell's collaboration and conferencing software. The first vulnerability relates to user authentication via a log-in form. Valid and invalid user names receive different responses from the web application, possibly allowing an attacker to generate a list of user names for a dictionary or brute force attack. The other two vulnerabilities could allow for a cross site scripting (XSS) attack.

Teaming 1.0.3 and prior versions are vulnerable. Patches for the log-in vulnerability and for the XSS vulnerabilities are available from Novell.

See also:

(crve)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-741185

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Crucial m4 SSD 128GB
  7. Gigabyte GeForce GTX 670 OC
  8. Palit GeForce GTX 670
  9. Diablo 3 (deutsch)
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit