mailing list archives
iPlanet Web Server 4.1 SP 4-7 Product Alert
From: "Santi Claus" <wurzelsepp201 () hotmail com>
Date: Mon, 14 May 2001 12:50:29 -0000
I've just detected a new Product Alert on iPlanets Web Site. I'm
sending this information because I was not able to find it in the
bugtraq archive yet. iPlanet does not seem to inform bugtraq
(why?). The information posted herein can be found in
Important iPlanet Web Server 4.1 SP 3-7
Recommend Immediate Patch/Upgrade
May 11, 2001
Two vulnerabilities have been identified within iPlanet Web Server(iWS):
1) A manipulation of the HTTP request headers sent to iWS, Enterprise
Edition version 4.1 Service Packs 3 through 7 (iWS4.1sp3-7) can be
exploited as a Denial of Service attack against users of iWS4.1sp3-7
on the Microsoft Windows NT platform*.
2) A manipulation of the HTTP request headers sent to iWS or Netscape
Enterprise Server (NES) that have the Web Publisher feature enabled
can be exploited as a Denial of Service attack.
The risk from these attacks is completely eliminated by deployment of
the following NSAPI.
While only installations of iWS4.1sp3-7 on Windows NT are
immediately vulnerable to this attack, all users of iWS4.1sp3-7 are
advised to install the NSAPI.
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
- iPlanet Web Server 4.1 SP 4-7 Product Alert Santi Claus (May 15)