| VID |
22121 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The iPlanet web server is vulnerable to a chunked encoding heap buffer overflow.
iPlanet Web Server (now known as Sun ONE Web Server) versions 3.x, 4.1 and 6.0 may susceptible to a heap buffer overflow in the mechanism that calculates the size of "chunked" encoding. Chunked encoding is a process by which a client generates a variable sized "chunk" of data and notifies the Web server of the data's size before transferring it, so that the Web server can allocate a buffer of the correct size. This vulnerability is a software flaw that misinterprets the size of incoming data chunks, which could allow a remote attacker to overflow a buffer and execute arbitrary code or cause a denial of service against the affected Web server.
* Note: This check sends a specially-crafted HTTP request to remote server and then waits for a response from the server during 30 seconds to assess this vulnerability. If the response is timed out for the given times, it regards that the server is vulnerable. But due to various situations, unfortunately the server can respond after 30 seconds, and in this case this alert will be a false positive. So if the server has been applied a appropriate patch (4.1 SP11 and 6.0 SP4 or later), please ignore this alert.
* References:
http://online.securityfocus.com/bid/5433
http://www.iss.net/security_center/static/9799.php
* Platforms Affected:
HP-UX Any version
Linux Any version
Solaris Any version
Sun ONE Web Server 4.1
Sun ONE Web server 6.0
Microsoft Windows Any version
iPlanet Web Server 3.x
iPlanet Web Server 4.1
iPlanet Web Server 6.0 |
| Recommendation |
Upgrade to a fixed version (4.1 SP11 and 6.0 SP4 or later) of the web server. Sun has released a security bulletin and patch:
http://www.oracle.com/technetwork/java/webtier/downloads/iplanet-webserver-525365.html |
| Related URL |
CVE-2002-0845 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
