mailing list archives
iPlanet FastTrack/Enterprise 4.1 DoS clarifications
From: Peter W <peterw () USA NET>
Date: Wed, 24 Jan 2001 06:34:52 -0500
Regarding Peter Guendl's discovery of DoS attacks against iWS 4.1:
1) Peter G. reports that disabling the cache with cache-init is not
an effective workaround for the FastTrack problem.
2) I wrote that iWS 4.1 has "at least one huge hole (remote code execution
via SSL/TLS implementation bug)". Another reader has pointed out that
the SSL/TLS problem was announced as a Denial of Service vulnerability.
3) The note about Service Pack levels for iPlanet Enterprise 4.1 in
Peter Gruendl's "Netscape Enterprise Server Dot-Dot DoS" was somewhat
confusing. The iPlanet URL he refers to correctly states that the
latest supported iPlanet Web servers are 4.0sp6 and 4.1sp5. 4.1sp6
has not been released or officially announced by iPlanet.
 All Netscape-branded Web server products, including Netscape Enterprise 3.6,
have officially passed their end-of-life dates and are no longer supported.
- iPlanet FastTrack/Enterprise 4.1 DoS clarifications Peter W (Jan 24)