| VID |
22010 |
| Severity |
40 |
| Port |
80, ¡¦ |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Enterprise Server 3.6 SP2 with the SSL Handshake Patch applied is vulnerable to a remotely exploitable buffer overflow. The hole exists in the server's handling of Accept headers submitted by a browsing client, and could allow remote attackers to cause a denial of service or to execute arbitrary commands on the system with the privileges of the server process. The remote web server seems to crash when it is sent an overly long value in the "Accept:" header.
Example:
GET / HTTP/1.0
Accept: <thousands of chars>/gif
* References: http://www.iss.net/security_center/static/3256.php, http://www.securityfocus.com/bid/631 |
| Recommendation |
Contact Netscape Communications for a patch. |
| Related URL |
CVE-1999-0751 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|