CVE |
CVE-2002-0845 Exploit Pack |
CVE Name: CVE-2002-0845 |
|
VENDOR: Sun and Netscape |
|
Usage Notes: Requires a POSTABLE url. Any postable url will do. The exploit will tell you if the url you gave it was not postable. This exploit has old findsck shellcode in it, and will not work from behind a NAT. |
|
Development Notes: Exploit tested against IPlanet version 4.1 SP7, SP3, and SP9 on Solaris 9, 8 and 7 (sun4u) |
|
Install media: enterprise-4.1SP9-domestic-us.sparc-sun-solaris2.6.tar.gz |
|
Solaris 8 media Bonus Software CD: iPlanet Advantage Software volume 2: |
|
bash-2.03# strings /usr/netscape/server4/bin/https/bin/ns-httpd |
grep iPlanet-WebServer-Enterprise |
iPlanet-WebServer-Enterprise/4.1SP7 |
|
Post-Exploitation: WARNING: iPlanet web server will not serve web pages till you exit the shell listener. |
|
Date public: 08/08/2002 |
|
CERT Advisory: http://www.kb.cert.org/vuls/id/516648 |
|
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0845 |
|
CVSS: 7.5 |
|