Netscape Enterprise Server Long Traversal Request Remote DoS

medium Nessus Plugin ID 10689

Synopsis

The remote server is vulnerable to a denial of service.

Description

The remote web server seems to crash when it is issued a too long request with dots (ie: ../../../../ 1000 times).

An attacker may use this flaw to disable the remote server.

Solution

http://www.iplanet.com/support/iws-alert/index.html

See Also

https://marc.info/?l=bugtraq&m=98035833331446&w=2

Plugin Details

Severity: Medium

ID: 10689

File Name: netscape_entreprise_dot_overflow.nasl

Version: 1.26

Type: remote

Family: Web Servers

Published: 6/15/2001

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:netscape:enterprise_server

Required KB Items: www/iplanet

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/22/2001

Reference Information

CVE: CVE-2001-0252

BID: 2282