[20291] in bugtraq
Re: iPlanet Web Server 4.x Product Alert
daemon@ATHENA.MIT.EDU (Glen Shere)
Wed Apr 18 04:42:23 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.SGI.3.96.1010417155845.10357P-100000@flanger.it.rsad.edu>
Date: Tue, 17 Apr 2001 16:07:58 -0400
Reply-To: Glen Shere <gshere@RINGLING.EDU>
From: Glen Shere <gshere@RINGLING.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <F280OwNkpDnwLDeOCLk0000816a@hotmail.com>
Santi Claus wrote:
> iPlanet has identified a security vulnerability in the iPlanet
> Web Server Enterprise Edition 4.x products. This problem does
> not affect any releases of the product prior to the 4.x versions;
> however it does affect all iPlanet applications operating on the
> iPlanet Web Server platform. A patch and implementation
> instructions to address it are now available.
The iPlanet mail server ("Netscape Messaging Server") appears to use a
modified version of the iPlanet web server for its "HTTP service" (web
mail feature).
Could someone state authoritatively whether this vulnerability applies to
the iPlanet mail server's "HTTP service"?
If it is vulnerable, how is this patch applied to that server?
Thanks
Glen Shere
Systems Analyst, Institutional Technology
Ringling School of Art and Design
