1. Home
  2. Web App Vulnerabilities
  3. How to remediate – Novell NetWare Web Handler Multiple Vulnerabilities
Searching...

How to remediate – Novell NetWare Web Handler Multiple Vulnerabilities

Contents

1. Introduction

Novell NetWare Web Handler Multiple Vulnerabilities affect systems running Novell NetWare with default web server installations. These flaws allow attackers to execute arbitrary code via crafted POST requests sent to the NetWare Enterprise Web Server’s perl handler. Affected versions include 5.x (up to Service Pack 4) and 6.x (up to Service Pack 1). Successful exploitation could lead to complete system compromise, impacting confidentiality, integrity, and availability.

2. Technical Explanation

Novell NetWare includes a default web server installation with a perl handler that processes incoming POST requests. This handler does not sufficiently validate user-supplied input, allowing an attacker to inject and execute arbitrary code on the remote system. The vulnerability is tracked as CVE-2002-1436, CVE-2002-1437, and CVE-2002-1438.

  • Root cause: Insufficient input validation in the NetWare Enterprise Web Server perl handler.
  • Exploit mechanism: An attacker sends a specially crafted POST request containing malicious code to the /perl handler on the vulnerable server. The server then executes this code. For example, an attacker could send a POST request with Perl code designed to create a backdoor account.
  • Scope: Novell NetWare versions 5.x (through SP4) and 6.x (through SP1).

3. Detection and Assessment

Confirming vulnerability requires checking the installed version of NetWare and assessing whether the web server is running with the vulnerable perl handler enabled.

  • Quick checks: Use the `net diag` command to check the operating system version. Check for the presence of the Enterprise Web Server service.
  • Scanning: Nessus plugin ID 16849 may identify affected systems. This is an example only and should be verified.
  • Logs and evidence: Examine web server logs for unusual activity or error messages related to perl script execution. Look in standard NetWare log locations, which vary depending on configuration.
net diag

4. Solution / Remediation Steps

The primary solution is to upgrade the NetWare version. Alternatively, you can disable or unmap the vulnerable perl handler.

4.1 Preparation

  • Stop the NetWare Enterprise Web Server service if possible to minimise risk during patching.
  • Roll back plan: Restore from backup or revert the snapshot if issues occur.
  • Change window: Coordinate with stakeholders as this may cause service interruption. Approval is recommended.

4.2 Implementation

  1. Step 1: Install NetWare 5.x Service Pack 5 or NetWare 6.0 Service Pack 2.
  2. Step 3: If upgrading is not immediately possible, use the enterprise manager web interface to unmap the /perl handler.

4.3 Config or Code Example

Before

(Example - configuration will vary depending on NetWare version)
The /perl handler is mapped in the web server configuration, allowing execution of scripts.

After

(Example - configuration will vary depending on NetWare version)
The /perl handler is unmapped in the web server configuration, preventing script execution.

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this type of vulnerability.

  • Practice 1: Least privilege – Run services with minimal necessary permissions to limit the impact if exploited.
  • Practice 2: Input validation – Validate all user-supplied input to block malicious code or commands.

4.5 Automation (Optional)

Automation is unlikely due to the age of this system, but scripting could be used for service restarts.

(Example - NetWare script to restart web server)
net stop websrv
net start websrv

5. Verification / Validation

Verify that the patch has been applied or the perl handler is unmapped, and confirm that exploitation attempts are no longer successful.

  • Post-fix check: Use `net diag` to verify the installed service pack version.
  • Re-test: Attempt to send a crafted POST request to the /perl handler; it should now be blocked or result in an error.
  • Monitoring: Monitor web server logs for any errors related to script execution, which could indicate a regression.
net diag

6. Preventive Measures and Monitoring

Regular security assessments and patch management are crucial.

  • Baselines: Update your NetWare security baseline to include the latest service packs and configuration settings.
  • Pipelines: Implement regular vulnerability scanning as part of your CI/CD pipeline.
  • Asset and patch process: Establish a consistent patch review cycle for all systems, including NetWare.

7. Risks, Side Effects, and Roll Back

Patching may cause temporary service interruption. Unmapping the perl handler could affect applications that rely on it.

  • Risk or side effect 1: Service interruption during patching. Mitigation: Schedule maintenance window and communicate with stakeholders.
  • Roll back: Restore from backup, revert snapshot, or re-map the /perl handler in the web server configuration.

8. References and Resources

Links to official advisories and documentation.

Updated on December 27, 2025

Was this article helpful?

Yes No

Related Articles