Lucene search
K

enterprise3.6.txt

🗓️ 19 Sep 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 28 Views

Vulnerability in Netscape Enterprise Server 3.6 SP2 allows service crashes via malformed URL.

Code
`From: Nobuo Miwa <[email protected]>   
Subject: Accept overflow on Netscape Enterprise Server 3.6 SP2   
  
Hi,  
  
I found a vulnerability in "Enterprise 3.6 SP 2 SSL Handshake fix"..  
I sent a malformed URL to the server and its service was dead.  
  
  
Its URL is following...  
  
  
GET / HTTP/1.0  
Accept: aaaaaaaaaaaaaa...2000byte/gif  
  
  
Ofcourse you must be able to execute small code you like with  
"long Accept" command(just like htr problem on IIS).  
  
  
I've reported this to Netscape on 31st Aug. They've just  
finished making the patch(maybe SP3). It must be released soon.  
I'm gonna post this to BUGTRAQ after they release the patch, but  
someone posted it to some other mailing lists. So I decided  
to post it to here today.  
  
  
Thanks,  
Nobuo Miwa(Moderator of BUGTRAQ-JP)  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation