[20613] in bugtraq
iPlanet Web Server 4.1 SP 4-7 Product Alert
daemon@ATHENA.MIT.EDU (Santi Claus)
Tue May 15 04:28:29 2001
From: "Santi Claus" <wurzelsepp201@hotmail.com>
To: bugtraq@securityfocus.com
Date: Mon, 14 May 2001 12:50:29 -0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F51BdXY7vcYLByFNqVN00004667@hotmail.com>
I've just detected a new Product Alert on iPlanets Web Site. I'm
sending this information because I was not able to find it in the
bugtraq archive yet. iPlanet does not seem to inform bugtraq
(why?). The information posted herein can be found in
http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html.
======================================================================
Important iPlanet Web Server 4.1 SP 3-7
Product Alert:
Recommend Immediate Patch/Upgrade
May 11, 2001
Two vulnerabilities have been identified within iPlanet Web Server(iWS):
1) A manipulation of the HTTP request headers sent to iWS, Enterprise
Edition version 4.1 Service Packs 3 through 7 (iWS4.1sp3-7) can be
exploited as a Denial of Service attack against users of iWS4.1sp3-7
on the Microsoft Windows NT platform*.
2) A manipulation of the HTTP request headers sent to iWS or Netscape
Enterprise Server (NES) that have the Web Publisher feature enabled
can be exploited as a Denial of Service attack.
The risk from these attacks is completely eliminated by deployment of
the following NSAPI.
aix_flexlog2.tgz
dec-osf1_flexlog2.tgz
hpux_flexlog2.tgz
linux_flexlog2.tgz
solaris_flexlog2.tgz
winnt_flexlog2.zip
While only installations of iWS4.1sp3-7 on Windows NT are
immediately vulnerable to this attack, all users of iWS4.1sp3-7 are
advised to install the NSAPI.
======================================================================
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
