Immunity Canvas: IPLANET_CHUNKED

Type canvas
Reporter Immunity Canvas
Modified 2002-08-12T00:00:00


Name| iplanet_chunked
CVE| CVE-2002-0845
Exploit Pack| CANVAS
Description| iPlanet Chunked Encoding
Notes| References:
CVE Name: CVE-2002-0845
VENDOR: Sun and Netscape
Usage Notes: Requires a POSTABLE url. Any postable url will do. The exploit will tell you if the url you gave it was not postable. This exploit has old findsck shellcode in it, and will not work from behind a NAT.
Development Notes: Exploit tested against IPlanet version 4.1 SP7, SP3, and SP9 on Solaris 9, 8 and 7 (sun4u)
Install media: enterprise-4.1SP9-domestic-us.sparc-sun-solaris2.6.tar.gz
Solaris 8 media Bonus Software CD: iPlanet Advantage Software volume 2:
bash-2.03# strings /usr/netscape/server4/bin/https/bin/ns-httpd | grep iPlanet-WebServer-Enterprise
Post-Exploitation: WARNING: iPlanet web server will not serve web pages till you exit the shell listener.
Date public: 08/08/2002
CERT Advisory:
CVE Url:
CVSS: 7.5