6004452 2001-01-25 19:04 +0700  /53 lines/ Security Research Team <security@RELAYGROUP.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-01-25  17:09  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: security@RELAYGROUP.COM
Recipient: Bugtraq (import) <15011>
Subject: [SAFER] Security Bulletin 010125.DOS.1.5
------------------------------------------------------------
From: Security Research Team <security@RELAYGROUP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010125190434.A3468@relaygroup.com>

__________________________________________________________

      S.A.F.E.R. Security Bulletin 010125.DOS.1.5
__________________________________________________________


TITLE    : Netscape Enterprise Server - REVLOG request problem
DATE     : January 25, 2001
NATURE   : Denial-of-Service
AFFECTED : Netscape Enterprise Server 3.x with Web Publishing enabled

PROBLEM:

A problem exists that allows a remote user to crash Netscape Enterprise
Server.

DETAILS:

It is possible to crash Netscape Enterprise Server by issuing:

REVLOG / HTTP/1.0

The request may have to be repeated a few times in order to crash NES
completely.

FIXES:

Netscape has been contacted on multiple occasions. The first time was
more than a year ago.

Although other problems we have reported have been fixed, we have
received no response on this issue to date.

The workaround is to disable Web Publishing, or to disable the REVLOG
request.
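
An added detection example, not part of the original bulletin: it scans
a web server access log for requests whose method is REVLOG and lists
the clients that repeated it. It assumes the log is in Common Log
Format; the sample lines and function names are constructed, and
matching the method case-insensitively is a conservative assumption.

```python
import re

# Assumed Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}|-) (\S+)')

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jan/2001:10:00:01 +0700] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [25/Jan/2001:10:00:05 +0700] "REVLOG / HTTP/1.0" 500 0
198.51.100.7 - - [25/Jan/2001:10:00:06 +0700] "REVLOG / HTTP/1.0" - -
192.0.2.10 - - [25/Jan/2001:10:00:09 +0700] "GET /docs/revlog.html HTTP/1.0" 200 512
203.0.113.4 - - [25/Jan/2001:10:01:00 +0700] "revlog /pub/ HTTP/1.0" 500 0
this line is truncated garbage
"""

def find_revlog(log_text):
    """Return (hits, unparsed): hits maps client -> [(time, request), ...];
    unparsed lists the 1-based numbers of lines that are not valid CLF."""
    hits, unparsed = {}, []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = CLF.match(line)
        if not m:
            unparsed.append(n)  # keep for manual review instead of dropping
            continue
        host, when, request = m.group(1), m.group(2), m.group(3)
        parts = request.split()
        method = parts[0] if parts else ""
        # Compare the method token only, so URLs containing "revlog" are ignored.
        if method.upper() == "REVLOG":
            hits.setdefault(host, []).append((when, request))
    return hits, unparsed

def repeat_sources(hits, threshold=2):
    """Clients that sent REVLOG at least `threshold` times; the bulletin
    notes that the request may be repeated before the server goes down."""
    return sorted(h for h, reqs in hits.items() if len(reqs) >= threshold)

if __name__ == "__main__":
    hits, unparsed = find_revlog(SAMPLE_LOG)
    for host, reqs in hits.items():
        print(host, len(reqs), "first seen", reqs[0][0])
    print("repeat sources:", repeat_sources(hits))
    print("unparsed lines:", unparsed)
```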

CREDITS:

Vanja Hrustic <vanja@relaygroup.com>
Fyodor Yarochkin <fyodor@relaygroup.com>
Emmanuel Gadaix <emmanuel@relaygroup.com>



This advisory is also available at http://www.safermag.com/advisories/

__________________________________________________________

   S.A.F.E.R. - Security Alert For Enterprise Resources
          Copyright (c) 2001 The Relay Group
  http://www.safermag.com  ----  security@relaygroup.com
__________________________________________________________
(6004452) --------------------------------(Rewrapped)