[20302] in bugtraq
Re: iPlanet Web Server 4.x Product Alert
daemon@ATHENA.MIT.EDU (Perrier,Kent - PLANO)
Wed Apr 18 14:55:37 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <3ADD9D8F.5030303@oneco.net>
Date: Wed, 18 Apr 2001 08:58:39 -0500
Reply-To: "Perrier,Kent - PLANO" <kent.perrier@oneco.net>
From: "Perrier,Kent - PLANO" <Kent.Perrier@oneco.net>
X-To: Glen Shere <gshere@RINGLING.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
Glen Shere wrote:
> Santi Claus wrote:
>
>
>> iPlanet has identified a security vulnerability in the iPlanet
>> Web Server Enterprise Edition 4.x products. This problem does
>> not affect any releases of the product prior to the 4.x versions;
>> however it does affect all iPlanet applications operating on the
>> iPlanet Web Server platform. A patch and implementation
>> instructions to address it are now available.
>
>
> The iPlanet mail server ("Netscape Messaging Server") appears to use a
> modified version of the iPlanet web server for its "HTTP service" (web
> mail feature).
>
> Could someone state authoritatively whether this vulnerability applies to
> the iPlanet mail server's "HTTP service"?
While I cannot authoritatively state that this vulnerability exists
in the webmail server, I can say that the httpd service is NOT
provided by iWS. iPlanet Messenger ships with its own web server
that is not iWS.
--
Kent
