| VID |
22008 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The web server is vulnerable to a denial-of-service attack caused by an overly long request containing dot sequences (i.e., ../../../../ repeated 1000 times). iPlanet (formerly Netscape) Enterprise Server version 4.1 with SP5 is vulnerable to this attack. By sending a malformed HTTP GET request that includes at least 1344 instances of "/../", an attacker can crash both the HTTP service and the admin service.
* Warning: A restart of the server service is required to regain normal functionality.
* References: http://www.iss.net/security_center/static/5983.php http://www.securityfocus.com/bid/2282 |
| Recommendation |
Upgrade to the latest version of iPlanet Web Server, Enterprise Edition (6.0 or later): http://www.oracle.com/technetwork/java/webtier/downloads/iplanet-webserver-525365.html |
| Related URL |
CVE-2001-0252 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |