iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Iplanet_web_server | Iplanet | 6.0 (including) | 6.0 (including) |
| Iplanet_web_server | Iplanet | enterprise_4.0 (including) | enterprise_4.0 (including) |
| Iplanet_web_server | Iplanet | enterprise_4.1 (including) | enterprise_4.1 (including) |
| Enterprise_server | Netscape | 2.0 (including) | 2.0 (including) |
| Enterprise_server | Netscape | 3.0 (including) | 3.0 (including) |
| Enterprise_server | Netscape | 3.1 (including) | 3.1 (including) |
| Enterprise_server | Netscape | 3.2 (including) | 3.2 (including) |
| Enterprise_server | Netscape | 3.3 (including) | 3.3 (including) |
| Enterprise_server | Netscape | 3.4 (including) | 3.4 (including) |
| Enterprise_server | Netscape | 3.5 (including) | 3.5 (including) |
| Enterprise_server | Netscape | 3.6 (including) | 3.6 (including) |
References
- http://lists.virus.org/vulnwatch-0201/msg00008.html
- http://securitytracker.com/id?1003157
- http://www.kb.cert.org/vuls/id/985347
- http://www.kb.cert.org/vuls/id/AAMN-567NFX
- http://www.procheckup.com/vulnerabilities/pr0105.html
- http://www.securiteam.com/securitynews/5IP0G0060Q.html
- http://www.securityfocus.com/bid/3831
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7845
- http://lists.virus.org/vulnwatch-0201/msg00008.html
- http://securitytracker.com/id?1003157
- http://www.kb.cert.org/vuls/id/985347
- http://www.kb.cert.org/vuls/id/AAMN-567NFX
- http://www.procheckup.com/vulnerabilities/pr0105.html
- http://www.securiteam.com/securitynews/5IP0G0060Q.html
- http://www.securityfocus.com/bid/3831
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7845