mailing list archives
Re: iPlanet FastTrack/Enterprise 4.1 DoS clarifications
From: Calvin Tait <ctait () GLOBESET COM>
Date: Wed, 24 Jan 2001 14:45:46 -0600
SP6 has been released by iPlanet.....
From: Peter W [mailto:peterw () USA NET]
Sent: Wednesday, January 24, 2001 5:35 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Regarding Peter Guendl's discovery of DoS attacks against iWS 4.1:
1) Peter G. reports that disabling the cache with cache-init is not
an effective workaround for the FastTrack problem.
2) I wrote that iWS 4.1 has "at least one huge hole (remote code
via SSL/TLS implementation bug)". Another reader has pointed out that
the SSL/TLS problem was announced as a Denial of Service
3) The note about Service Pack levels for iPlanet Enterprise 4.1 in
Peter Gruendl's "Netscape Enterprise Server Dot-Dot DoS" was somewhat
confusing. The iPlanet URL he refers to correctly states that the
latest supported iPlanet Web servers are 4.0sp6 and 4.1sp5. 4.1sp6
has not been released or officially announced by iPlanet.
 All Netscape-branded Web server products, including Netscape
have officially passed their end-of-life dates and are no longer