[18810] in bugtraq
[SAFER] Security Bulletin 010125.DOS.1.5
daemon@ATHENA.MIT.EDU (Security Research Team)
Thu Jan 25 11:39:58 2001
Message-Id: <20010125190434.A3468@relaygroup.com>
Date: Thu, 25 Jan 2001 19:04:34 +0700
Reply-To: Security Research Team <security@RELAYGROUP.COM>
From: Security Research Team <security@RELAYGROUP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
__________________________________________________________
S.A.F.E.R. Security Bulletin 010125.DOS.1.5
__________________________________________________________
TITLE : Netscape Enterprise Server - REVLOG request problem
DATE : January 25, 2001
NATURE : Denial-of-Service
AFFECTED : Netscape Enterprise Server 3.x with Web Publishing enabled
PROBLEM:
A problem exists that allows a remote user to crash Netscape Enterprise Server.
DETAILS:
It is possible to crash Netscape Enterprise Server by issuing:
REVLOG / HTTP/1.0
The request might need to be repeated a few times in order to crash NES completely.
FIXES:
Netscape has been contacted on multiple occasions, the first time more than a year ago.
Although other problems we have reported have been fixed, we have received no response on this issue to date.
The workaround is to disable Web Publishing, or to disable the REVLOG request.
CREDITS:
Vanja Hrustic <vanja@relaygroup.com>
Fyodor Yarochkin <fyodor@relaygroup.com>
Emmanuel Gadaix <emmanuel@relaygroup.com>
This advisory is also available at http://www.safermag.com/advisories/
__________________________________________________________
S.A.F.E.R. - Security Alert For Enterprise Resources
Copyright (c) 2001 The Relay Group
http://www.safermag.com ---- security@relaygroup.com
__________________________________________________________
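
Added example, not part of the advisory: a log check for the REVLOG method described under DETAILS, reporting sources that repeat it. It assumes Common Log Format lines taken from a front-end proxy or sensor (a request that crashes the server may never reach the server's own log); the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed Common Log Format: host ident user [time] "METHOD URI PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+)(?: (?P<proto>[^"]+))?" '
    r'(?P<status>\d{3}|-) (?P<bytes>\d+|-)$'
)

def revlog_requests(lines):
    """Return (host, time, uri, status) for every REVLOG request; skip unparsable lines."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        # Compare the method field only, so a URI such as /revlog.html is not flagged.
        if m and m.group("method").upper() == "REVLOG":
            hits.append((m.group("host"), m.group("time"), m.group("uri"), m.group("status")))
    return hits

def repeat_sources(hits, threshold=2):
    """Hosts that sent REVLOG at least `threshold` times (the advisory notes repeats)."""
    counts = Counter(host for host, _, _, _ in hits)
    return {host: n for host, n in counts.items() if n >= threshold}

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jan/2001:19:04:34 +0700] "GET /index.html HTTP/1.0" 200 2048',
    '198.51.100.7 - - [25/Jan/2001:19:05:01 +0700] "REVLOG / HTTP/1.0" - -',
    '198.51.100.7 - - [25/Jan/2001:19:05:02 +0700] "REVLOG / HTTP/1.0" - -',
    '198.51.100.7 - - [25/Jan/2001:19:05:03 +0700] "revlog / HTTP/1.0" - -',
    '203.0.113.5 - - [25/Jan/2001:19:06:10 +0700] "REVLOG /docs/a.html HTTP/1.0" 200 312',
    'truncated line with no request field',
    '192.0.2.10 - - [25/Jan/2001:19:07:00 +0700] "GET /revlog.html HTTP/1.0" 404 120',
]

if __name__ == "__main__":
    hits = revlog_requests(SAMPLE_LOG)
    for host, when, uri, status in hits:
        print(f"REVLOG from {host} at {when} uri={uri} status={status}")
    print("repeat sources:", repeat_sources(hits))
```

On a server that has Web Publishing disabled as the workaround suggests, any REVLOG hit is unexpected and worth reviewing.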