| VID |
22004 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Netscape Enterprise Server 4.1 is vulnerable to a remotely exploitable buffer overflow. A manipulation of the HTTP request headers sent to iPlanet Web Server, Enterprise Edition version 4.1 Service Packs 3 through 7 (iWS4.1sp3-7) on the Microsoft Windows NT platform can be exploited as a Denial of Service attack.
When receiving an invalid Method or URI request containing 4022 characters or more, Netscape Enterprise Server will crash, possibly also executing arbitrary code.
* References:
http://www.iss.net/security_center/static/6554.php |
| Recommendation |
The latest iPlanet is available at:
http://www.oracle.com/technetwork/java/webtier/downloads/iplanet-webserver-525365.html |
| Related URL |
CVE-2001-0746 (CVE) |
| Related URL |
2732 (SecurityFocus) |
| Related URL |
(ISS) |
|
