How to remediate – Novonyx Web Server Multiple Sample Application Files Present

1. Introduction

The Novonyx Web Server Multiple Sample Application Files Present vulnerability involves default files being installed on a system. These files, part of a standard Novell NetWare 5.x installation, can expose sensitive system information to attackers. This primarily affects confidentiality, potentially allowing an attacker to gather details about the server’s configuration and internal workings. Systems running Novell NetWare 5.x with the Novonyx web server enabled are usually affected.

2. Technical Explanation

The vulnerability arises from a default installation of Novell NetWare including numerous web server files that were not removed during setup. An attacker can remotely access these files via HTTP or HTTPS to retrieve system information. The CVE associated with this issue is CVE-2002-1634. A simple example would be an attacker browsing to the default directory structure of the Novonyx web server to view sample application files containing configuration details.

  • Root cause: Unnecessary default files are installed without requiring removal during setup.
  • Exploit mechanism: An attacker sends HTTP requests to access the default Novonyx web server files and retrieves sensitive information. For example, an attacker could request http://targetserver/sampleapp/config.txt.
  • Scope: Affected platforms are those running Novell NetWare 5.x with the Novonyx web server component installed.

3. Detection and Assessment

Confirming the vulnerability involves checking for the presence of default Novonyx files on the system. A quick check is to browse the web server’s root directory. A thorough method involves listing all files within the Novonyx installation path.

  • Quick checks: Attempt to access a known default file via a web browser, such as http://targetserver/sampleapp/index.html.
  • Scanning: Nessus plugin ID 30819 may detect this vulnerability. This is an example only and should be verified.
  • Logs and evidence: Web server access logs may show requests for default files like ‘index.html’ or ‘config.txt’. Check the Novonyx web server log directory, if known.
ls -l /opt/novell/novonyx/htdocs

4. Solution / Remediation Steps

The solution is to remove all default Novonyx web server files if the service isn’t required. If needed, restrict access to these files.

4.1 Preparation

  • Ensure you have a list of custom applications or configurations that might be affected by removing default files. A roll back plan is to restore the backed-up directory.
  • A change window may be required depending on your organisation’s policies, and approval from the system owner may be needed.

4.2 Implementation

  1. Stop the Novonyx web server service using the appropriate command for your NetWare version (e.g., novelltop -s novonyx).
  2. Remove all files and directories within the default Novonyx web server directory, such as /opt/novell/novonyx/htdocs. Use a command like rm -rf /opt/novell/novonyx/htdocs/*. Be careful with this command!
  3. Restart the Novonyx web server service using novelltop -s novonyx.

4.3 Config or Code Example

Before

ls /opt/novell/novonyx/htdocs
index.html  sampleapp/ config.txt

After

ls /opt/novell/novonyx/htdocs
(empty directory)

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this issue. Least privilege reduces the impact if exploited, and safe defaults minimise unnecessary exposure. Regular patch cadence ensures timely fixes for known vulnerabilities.

  • Practice 1: Implement least privilege by granting only necessary access to web server files.
  • Practice 2: Enforce safe defaults during software installation, removing unnecessary components or configuring secure settings automatically.

4.5 Automation (Optional)

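#!/bin/bash
# Abort on the first failed command so nothing is deleted if the stop step fails
set -euo pipefail
HTDOCS=/opt/novell/novonyx/htdocs
# Stop Novonyx service
novelltop -s novonyx
# Remove default files (CAUTION: This will delete all files in htdocs)
# ${HTDOCS:?} makes the script exit instead of expanding to "/*" if the variable is ever empty
rm -rf "${HTDOCS:?}"/*
# Restart Novonyx service
novelltop -s novonyx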

5. Verification / Validation

Confirm the fix by checking that default files are no longer present and attempting to access them via a web browser. A smoke test should verify core web server functionality if applicable.

  • Post-fix check: Run ls /opt/novell/novonyx/htdocs; the output should be empty.
  • Re-test: Attempt to access a default file via a web browser (e.g., http://targetserver/sampleapp/index.html); you should receive an error message indicating the file is not found.
  • Smoke test: Verify that any custom applications hosted on the Novonyx web server are still accessible and functioning correctly.
  • Monitoring: Monitor web server access logs for attempts to access default files, which should no longer occur. Example query: grep 'index.html' /opt/novell/novonyx/logs/access.log
ls /opt/novell/novonyx/htdocs
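
The log review described in sections 3 and 5, as an added example that is not part of the original article: it classifies each request for the sample paths by response status, so a 2xx/3xx answer means the file is still being served and anything else is a request against an already-cleaned server. It assumes Common Log Format access logs; the sample lines, client addresses and function names are constructed for illustration.

```bash
#!/bin/bash
# Added example: triage access-log requests for the default sample paths.
# Assumes Common Log Format; the paths are the ones named in this article.

# Constructed sample log lines (documentation-range addresses, not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [27/Dec/2025:10:00:01 +0000] "GET /sampleapp/config.txt HTTP/1.0" 200 512
192.0.2.10 - - [27/Dec/2025:10:00:02 +0000] "GET /sampleapp/index.html HTTP/1.0" 200 2048
198.51.100.7 - - [27/Dec/2025:11:15:40 +0000] "GET /SampleApp/config.txt HTTP/1.0" 404 0
203.0.113.5 - - [27/Dec/2025:12:30:00 +0000] "GET /customapp/index.html HTTP/1.0" 200 900
198.51.100.7 - - [27/Dec/2025:12:31:00 +0000] "GET /config.txt HTTP/1.0" 404 0
EOF
}

# triage_sample_hits: reads CLF lines on stdin and prints
# "<verdict> <client> <status> <path>" for requests under /sampleapp/ or for /config.txt.
# EXPOSED = server answered 2xx/3xx (file still served); PROBE = any other status.
triage_sample_hits() {
  awk '
    {
      # Split on double quotes: field 2 is the request line, field 3 holds status and size.
      n = split($0, q, "\"")
      if (n < 3) next                      # malformed line, skip
      split(q[2], req, " ")                # method, path, protocol
      split(q[3], tail, " ")               # status, bytes
      path = tolower(req[2])               # compare case-insensitively so /SampleApp/ is not missed
      sub(/\?.*/, "", path)                # ignore query string
      if (path ~ /^\/sampleapp(\/|$)/ || path == "/config.txt") {
        verdict = (tail[1] ~ /^[23]/) ? "EXPOSED" : "PROBE"
        print verdict, $1, tail[1], req[2]
      }
    }'
}

# count_verdict <EXPOSED|PROBE>: number of matching hits in the log on stdin.
count_verdict() {
  triage_sample_hits | awk -v v="$1" '$1 == v { c++ } END { print c + 0 }'
}

sample_log | triage_sample_hits
```

To use it on a real server, pipe the access log into triage_sample_hits in place of sample_log; any EXPOSED line after remediation means a default file is still reachable.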

6. Preventive Measures and Monitoring

Update security baselines to include the removal of default files from Novonyx installations. Incorporate checks in CI pipelines to prevent deployment of systems with unnecessary components. Implement a regular patch or configuration review cycle.

  • Baselines: Update your server hardening baseline to require removing default Novonyx web server files during installation.
  • Asset and patch process: Review server configurations regularly (e.g., quarterly) to ensure compliance with security baselines.
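
One way to implement the baseline and CI check described above, as an added example rather than code from the original article: it fails when the document root holds any top-level entry that is not on your list of approved custom applications. The function names, the customapp entry and the temporary demo directory are hypothetical.

```bash
#!/bin/bash
# Added example: baseline check that fails when a docroot holds anything
# other than the entries you have explicitly approved.

# audit_docroot <docroot> [approved-entry ...]
# Prints each unapproved top-level entry. Returns 0 if the directory is clean,
# 1 if unapproved entries exist, 2 if the docroot itself is missing.
audit_docroot() {
  docroot=$1; shift
  [ -d "$docroot" ] || { echo "missing docroot: $docroot" >&2; return 2; }
  findings=0
  # Include dotfiles, which a plain "htdocs/*" glob silently skips.
  for entry in "$docroot"/* "$docroot"/.[!.]*; do
    [ -e "$entry" ] || continue            # an unmatched glob stays literal
    name=${entry##*/}
    approved=no
    for ok in "$@"; do
      if [ "$name" = "$ok" ]; then approved=yes; fi
    done
    if [ "$approved" = no ]; then
      echo "UNAPPROVED $name"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Constructed demo: rebuild the "Before" listing from section 4.3 in a temp dir,
# plus one hypothetical approved application (customapp).
demo_docroot() {
  d=$(mktemp -d)
  mkdir "$d/sampleapp" "$d/customapp"
  : > "$d/index.html"; : > "$d/config.txt"; : > "$d/sampleapp/config.txt"
  echo "$d"
}

demo=$(demo_docroot)
audit_docroot "$demo" customapp || echo "baseline check failed"
rm -rf "$demo"
```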

7. Risks, Side Effects, and Roll Back

Removing default files could break custom applications if they rely on those files. Service interruption is possible during the restart of the Novonyx web server. To roll back, restore the backed-up directory.

  • Risk or side effect 2: Service interruption during restart; schedule maintenance window accordingly.
  • Roll back:
    1. Stop the Novonyx web server service.
    2. Restore the backed-up Novonyx web server directory.
    3. Restart the Novonyx web server service.

8. References and Resources

  • Vendor advisory or bulletin: No specific vendor advisory found for Novonyx web server default files, but review Novell Net
Updated on December 27, 2025
