iPlanet Web Server Enterprise Edition URL-encoded Host: Information Disclosure

2001-04-16T23:10:20
ID OSVDB:5704
Type osvdb
Reporter Chris Eng, Kevin Dunn
Modified 2001-04-16T23:10:20

Description

Vulnerability Description

iPlanet Web Server Enterprise Edition 4.1 and earlier contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker fills the Host: header with characters that iPlanet automatically URL-encodes before response handlers are called. This can either disclose heap contents written by other server functions, resulting in a loss of confidentiality, or cause a server thread/process to crash, resulting in a loss of availability.

Solution Description

Upgrade to version 4.1 SP7 or higher, as it has been reported to fix this vulnerability. It is also possible to implement an NSAPI module that shields earlier versions of the server from the problem.

References:

Other Advisory URL: http://www.atstake.com/research/advisories/2001/a041601-1.txt
Keyword: Sun ONE Web Server
Keyword: Sun Java System Web Server
Keyword: Netscape Enterprise Server
ISS X-Force ID: 8285
CVE-2001-0327
CERT VU: 276767
Bugtraq ID: 6826