SECURITYVULNS:DOC:1538
@stake Security Advisory: iPlanet Web Server 4.x Response Header Overflow (A041601-1)

Published: 2001-04-20 00:00:00 (mirrored from vulners.com)
EPSS: 0.014 (percentile 86.6%)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         @stake, Inc.
                       www.atstake.com

                 Security Advisory Notification

Advisory Name: iPlanet Web Server Enterprise Edition 4.0, 4.1
               Response Header Overflow
Release Date:  04/16/2001
Application:   iPlanet Web Server Enterprise Edition 4.0, 4.1
Platform:      Solaris (2.6/7/8)
               Windows (NT 4.0/2000)
               Linux (2.2/2.4)
Severity:      An attacker can retrieve user requests, cookies, log
               data, user names, passwords, etc.
Author:        Kevin Dunn ([email protected])
               Chris Eng ([email protected])
Vendor Status: vendor has service pack and NSAPI module
CVE Candidate: CAN-2001-0327
Reference:     www.atstake.com/research/advisories/2001/a041601-1.txt

Summary:

The iPlanet Web Server Enterprise Edition is a commercial web server
used by organizations to serve up static web content, as well as deliver
dynamic, personalized content retrieved from an application server or
database backend. It is one of the three most popular web servers found
on the Internet today, and a large number of secure, transactional
application sites use the iPlanet Web Server as their front-end web
server.

The iPlanet Web Server has an implementation flaw that allows any remote
user to retrieve data from the memory allocation pools on the running
server. The retrieved data usually consists of fragments from previous
HTTP requests and responses, including session identifiers, cookies,
form submissions, usernames and passwords, etc.

Consider, for example, a home banking application deployed by a
financial institution. The leaked data would grant an attacker access
to the account of any user who logged in within some reasonable time
before the attack was launched. Supplied with a valid session
identifier, the application has no way of differentiating between the
legitimate user and the attacker before executing transfers, bill
payments, equity trades, etc. If persistent authentication credentials
are used, in the form of a "remember my password" or "autologin"
feature, those credentials could be used at any point in the future to
access the user's account.

This is a buffer overflow vulnerability in which improper handling of
response header values permits access to unauthorized data. An attacker
can use it to retrieve authentication and authorization credentials or
to hijack existing user sessions. The vulnerability can be exploited
without crashing the server, so it leaves no outage to notice, and the
malicious request can be sent inside an SSL tunnel, where network
monitoring cannot inspect it, making the attack extremely difficult to
detect. Requests can also be routed through anonymizing proxies, making
the request's origin difficult to trace.
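The advisory does not publish the faulty code path, so the following is an
added illustrative model, not iPlanet's code and not a reproduction of the
actual iWS bug. It shows the class of defect described above: a server
formats a response header by copying a fixed-width slot out of an
unscrubbed per-connection memory pool instead of copying the value's
actual length, so the bytes left behind by the previous connection (here a
constructed session cookie) go out in the attacker's response, and the
server never crashes. The pool, the slot width FIELD_LEN, the header names
and the cookie value are all assumptions made for the demonstration; the
hardened emitter bounds the copy by the real value length and scrubs the
slot.

```c
/* Added illustrative model of a response-header over-read that leaks stale
 * pool memory. Not iPlanet's code; the pool, FIELD_LEN, header names and
 * cookie are assumptions for the demonstration. */
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 256
#define FIELD_LEN 64   /* assumed fixed-width slot reserved per header value */

/* Toy per-connection pool: "freed" by resetting the offset, never scrubbed,
 * so a later connection's allocations land on an earlier one's bytes. */
static unsigned char pool[POOL_SIZE];
static size_t pool_off;

static void *pool_alloc(size_t n) {
    if (n > POOL_SIZE - pool_off) return NULL;
    void *p = pool + pool_off;
    pool_off += n;
    return p;
}

static void pool_reset(void) { pool_off = 0; }

/* Connection 1: a legitimate user's request header is parsed into the pool.
 * The cookie value is constructed sample data. */
#define VICTIM_COOKIE "Cookie: JSESSIONID=victim-session-token-1234"

static void serve_victim_request(void) {
    char *slot = pool_alloc(FIELD_LEN);
    memcpy(slot, VICTIM_COOKIE, sizeof VICTIM_COOKIE);   /* 44 bytes + NUL, fits in 64 */
}

/* NUL-safe substring search: a leaked response carries NULs inside it, so
 * strstr() would stop early. Returns 1 if needle occurs in hay[0..len). */
int contains_bytes(const char *hay, size_t len, const char *needle) {
    size_t nl = strlen(needle);
    for (size_t i = 0; nl && i + nl <= len; i++)
        if (memcmp(hay + i, needle, nl) == 0) return 1;
    return 0;
}

/* VULNERABLE: formats "Name: value\r\n" but copies the whole FIELD_LEN slot
 * rather than the value's length, so everything after the terminator (the
 * previous connection's bytes) goes out on the wire. Returns bytes written. */
size_t emit_header_vuln(char *out, size_t out_sz, const char *name, const char *value) {
    char *slot = pool_alloc(FIELD_LEN);
    if (!slot || strlen(value) >= FIELD_LEN || out_sz < strlen(name) + 2 + FIELD_LEN + 2)
        return 0;
    memcpy(slot, value, strlen(value) + 1);     /* only the value and its NUL are written */
    size_t n = (size_t)snprintf(out, out_sz, "%s: ", name);
    memcpy(out + n, slot, FIELD_LEN);           /* over-read: stale bytes follow the NUL */
    n += FIELD_LEN;
    memcpy(out + n, "\r\n", 2);
    return n + 2;
}

/* FIXED: bound the copy by the value's actual length (never beyond the slot)
 * and scrub the slot so stale data cannot survive into the next connection. */
size_t emit_header_safe(char *out, size_t out_sz, const char *name, const char *value) {
    char *slot = pool_alloc(FIELD_LEN);
    if (!slot) return 0;
    memset(slot, 0, FIELD_LEN);
    size_t vl = strlen(value);
    if (vl >= FIELD_LEN) vl = FIELD_LEN - 1;    /* truncate instead of overflowing */
    memcpy(slot, value, vl);
    if (strlen(name) + 2 + vl + 2 >= out_sz) return 0;
    size_t n = (size_t)snprintf(out, out_sz, "%s: ", name);
    memcpy(out + n, slot, vl);
    n += vl;
    memcpy(out + n, "\r\n", 2);
    return n + 2;
}

/* Runs two connections through one emitter and reports whether the victim's
 * session token shows up in the attacker's response (1 = leaked). */
int response_leaks_token(size_t (*emit)(char *, size_t, const char *, const char *)) {
    char resp[256];
    pool_reset();
    serve_victim_request();                                   /* connection 1: victim */
    pool_reset();                                             /* "closed": offset reset, bytes kept */
    size_t len = emit(resp, sizeof resp, "Location", "/x");   /* connection 2: attacker */
    return contains_bytes(resp, len, "victim-session-token-1234");
}

int main(void) {
    printf("vulnerable emitter leaks token: %d\n", response_leaks_token(emit_header_vuln));
    printf("fixed emitter leaks token:      %d\n", response_leaks_token(emit_header_safe));
    return 0;
}
```

The point of the model is that nothing in the vulnerable path faults: the
over-read stays inside the pool, the response is well-formed apart from the
trailing junk, and the leaked bytes sit after a NUL that a naive
string-based log or IDS rule would stop at. That is why a disclosure of
this shape is best caught by checking server-side length handling (and
the vendor's fix level) rather than by watching for crashes.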

Netscape Enterprise Server 3.6x does not appear to be vulnerable.

Under certain conditions, this vulnerability may also be used as a
denial of service attack.

Vendor Response:

iPlanet has acknowledged that the problem described above exists and
that it affects its iPlanet Web Server 4.x product line. iPlanet has
committed to addressing this vulnerability with a fix issued on April 16,
made available in two formats simultaneously: an upgrade (iWS 4.1 SP7)
and an NSAPI module that shields earlier versions of the server from the
problem. These fixes, which wholly mitigate the risk posed by this
vulnerability, are available at:

http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html

with implementation instructions and information on which fix is most
appropriate for which cases.

Advisory Reference:

http://www.atstake.com/research/advisories/2001/a041601-1.txt

** The advisory contains additional information. We encourage those
** affected by this issue to read the advisory.
**
** All vulnerability database maintainers should reference the above
** advisory reference URL to refer to this advisory.

Advisory policy: http://www.atstake.com/research/policy/
For more advisories: http://www.atstake.com/research/advisories/
PGP Key: http://www.atstake.com/research/pgp_key.asc

Copyright 2001 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBOtvCPlESXwDtLdMhEQJwdACguQ0GKYH3eZLlhmrZSObFT1ieLQgAoO1p
G1EIitv0v0dl2stXdfDUpPBb
=gHXx
-----END PGP SIGNATURE-----
