iplanet.dos.txt

24 Feb 2000 | Reported by Eiji Ohki | Type: packetstorm | Source: packetstormsecurity.com

Denial of service issue on iPlanet Web Server 4.1 leads to kernel panic on Linux system.

Code
`Hello,  
  
I could find out the denial of service effected to iPlanet  
Web Server, Enterprise Edition 4.1 on Linux 2.2.5(Redhat6.1J;  
Kernel 2.2.12).  
  
When I tried to send the request "GET" of seven hundred times  
your product consumed all memory resource and kernel panicked.  
The size of GET command to your product was about a couple of  
thousands.  
  
But I could not find out any problem when I gave same situation  
to the Enterprise Server International Edition 3.6SP2 on  
Solaris 2.6J (Sparc), the Enterprise Server 3.6SP3 on Solaris  
2.6J (Sparc) , the iPlanet Web Server, Enterprise Edition 4.0SP3  
on Solaris 2.6J (Sparc) and the Apache httpd on Redhat6.1J.  
  
For example, Apache is able to refuse the attack of DoS, when  
the maximum number of fork() is defined properly.  
Does this product do nothing?  
  
I have posted this problem to Netscape by input-form on the web.  
BUT I have no response from them for three weeks.  
So I have sent to the staff of Netscape who use his influence  
for me by Feb 18th. BUT he reply me NOTHING yet. They ignore me?  
  
My original message to Netscape is as follows.  
(I typed and chose on the Web of Netscape.)  
> ------------------------------  
> From: [email protected]  
> Subject: Denial of Service for the iPlanet Web Server, Enterprise Edition 4.1  
>  
> Submitter name: Eiji Ohki  
> Submitter email address: [email protected]  
> Acknowledgement checkbox: on  
> Product: Enterprise Server  
> Version: 4.1  
> Operating system: Unix: Sun Solaris 2.x  
> OS version: Linux 2.2.5(Redhat6.1J;Kernel 2.2.12  
> Issue summary: Denial of service effected to Enterprise Server4.1.  
>  
> Issue details:  
> Dear Sir/Madame,  
>  
> Hello,  
>  
> I could find out the denial of service effected to iPlanet  
> Web Server, Enterprise Edition 4.1 on Linux 2.2.5(Redhat6.1J;  
> Kernel 2.2.12).  
>  
> When I tried to send the request "GET" of seven hundred times  
> your product consumed all memory resource and kernel panicked.  
> The size of GET command to your product was about a couple of  
> thousands.  
>  
> But I could not find out any problem when I gave same situation  
> to the Enterprise Server International Edition 3.6SP2 on  
> Solaris 2.6J (Sparc), the Enterprise Server 3.6SP3 on Solaris  
> 2.6J (Sparc) , the iPlanet Web Server, Enterprise Edition 4.0SP3  
> on Solaris 2.6J (Sparc) and the Apache httpd on Redhat6.1J.  
>  
> Do you have any solutions about this problem ?  
> For example, Apache is able to refuse the attack of DoS, when  
> the maximum number of fork() is defined properly.  
> By the way, I saw this problem is very informative.  
> So can I post this issue to Bugtraq and Bugtraq-JP?  
>  
>  
>  
> Severity: Server computer hangs/crashes  
> Can reproduce?: Yes, Always  
>  
> Additional computer info:  
> CPU:Celeron333MHz  
> HD:4.3GB(total), 44% in use.  
> Swap:150MB  
> No XWindow  
>  
> ps.This input form do not have selection of OS "Linux".  
> So I chose "Unix:Sun Solaris2.x" unwillingly.  
> I think I have to choose "Linux: Redhat" or "PC-Unix: Linux".  
>  
>  
> This form was submitted from http://help.netscape.com/forms/bug-server.html  
> with Mozilla/4.7 [ja] (WinNT; I).  
> ------------------------------  
  
  
Regards,  
Eiji Ohki  
  
  
E I J I O H K I  
[email protected]  
http://www.lac.co.jp/security/  
  
  
`
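
A defensive illustration added here (not part of the original advisory, nor code from the reporter or the vendor): it scans web access logs for the traffic shape the report describes, many large GET requests from one client in a short time. The Common Log Format input, the thresholds, the function names and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (?:\d{3}|-) (?:\d+|-)$')

def find_get_floods(lines, min_len=1500, max_hits=100,
                    window=timedelta(seconds=60)):
    """Map client -> peak count, for clients that sent more than max_hits
    GET request lines of at least min_len characters inside one window.
    Each client's lines are assumed to be in time order."""
    recent = defaultdict(deque)  # client -> timestamps of oversized GETs
    peaks = {}
    for line in lines:
        m = CLF.match(line.rstrip("\n"))
        if not m:
            continue  # not a CLF line
        host, stamp, request = m.groups()
        if not request.startswith("GET ") or len(request) < min_len:
            continue
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that left the window
            q.popleft()
        if len(q) > max_hits:
            peaks[host] = max(peaks.get(host, 0), len(q))
    return peaks

def sample_log():
    """Constructed log: one flooding client, one normal, one occasional."""
    base = datetime(2000, 2, 24, 12, 0, 0, tzinfo=timezone.utc)
    def entry(host, offset, path):
        stamp = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{host} - - [{stamp}] "GET {path} HTTP/1.0" 200 512'
    log = [entry("192.0.2.10", i // 20, "/" + "A" * 2000) for i in range(700)]
    log += [entry("198.51.100.7", i, "/index.html") for i in range(200)]
    log += [entry("203.0.113.5", i * 30, "/" + "B" * 2000) for i in range(5)]
    return log

if __name__ == "__main__":
    for host, peak in find_get_floods(sample_log()).items():
        print(f"{host}: {peak} oversized GETs within 60 s")
```
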
