6004452 2001-01-25 19:04 +0700 /53 lines/ Security Research Team <security@RELAYGROUP.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-01-25 17:09 by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: security@RELAYGROUP.COM
Recipient: Bugtraq (import) <15011>
Subject: [SAFER] Security Bulletin 010125.DOS.1.5
------------------------------------------------------------
From: Security Research Team <security@RELAYGROUP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010125190434.A3468@relaygroup.com>

__________________________________________________________

      S.A.F.E.R. Security Bulletin 010125.DOS.1.5
__________________________________________________________

TITLE    : Netscape Enterprise Server - REVLOG request problem
DATE     : January 25, 2001
NATURE   : Denial-of-Service
AFFECTED : Netscape Enterprise Server 3.x with Web Publishing enabled

PROBLEM:

A problem exists that allows a remote user to crash Netscape Enterprise
Server.

DETAILS:

It is possible to crash Netscape Enterprise Server by issuing:

REVLOG / HTTP/1.0

The request might have to be repeated a few times in order to crash NES
completely.

FIXES:

Netscape has been contacted on multiple occasions, the first time more
than a year ago. Although other problems we have reported have been
fixed, we have received no response on this issue to date.

The workaround is to disable Web Publishing, or to disable the REVLOG
request.

CREDITS:

Vanja Hrustic <vanja@relaygroup.com>
Fyodor Yarochkin <fyodor@relaygroup.com>
Emmanuel Gadaix <emmanuel@relaygroup.com>

This advisory is also available at http://www.safermag.com/advisories/

__________________________________________________________

   S.A.F.E.R. - Security Alert For Enterprise Resources
          Copyright (c) 2001 The Relay Group
  http://www.safermag.com  ----  security@relaygroup.com
__________________________________________________________

(6004452) --------------------------------(Rewrapped)
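
A log check for the request named under DETAILS, added here as an example and not part of the advisory: it scans web server access-log lines for the REVLOG method and reports sources that repeat it. It assumes the server writes Common Log Format; the sample lines, status codes, and the function names `find_revlog` and `repeat_sources` are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout (Common Log Format):
# host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Za-z]+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}|-) (?P<size>\d+|-)$'
)

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jan/2001:19:01:02 +0700] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [25/Jan/2001:19:02:10 +0700] "REVLOG / HTTP/1.0" 500 -
198.51.100.7 - - [25/Jan/2001:19:02:11 +0700] "REVLOG / HTTP/1.0" 500 -
192.0.2.44 - editor [25/Jan/2001:19:03:00 +0700] "REVLOG /docs/a.html HTTP/1.0" 200 312
not a common log format line
"""

def find_revlog(lines):
    """Return (hits, unparsed).

    hits: (line_no, host, user, path, status) for every REVLOG request.
    unparsed: line numbers that did not match the assumed log format,
    so they can be reviewed by hand instead of being silently skipped.
    """
    hits, unparsed = [], []
    for n, line in enumerate(lines, 1):
        line = line.rstrip("\n")
        if not line:
            continue
        m = CLF.match(line)
        if m is None:
            unparsed.append(n)
        elif m["method"] == "REVLOG":
            hits.append((n, m["host"], m["user"], m["path"], m["status"]))
    return hits, unparsed

def repeat_sources(hits, threshold=2):
    """Hosts that sent REVLOG at least `threshold` times (the advisory
    notes the request might be repeated a few times)."""
    counts = Counter(host for _, host, _, _, _ in hits)
    return {h: c for h, c in counts.items() if c >= threshold}

if __name__ == "__main__":
    hits, unparsed = find_revlog(SAMPLE_LOG.splitlines())
    print(hits, unparsed, repeat_sources(hits))
```

A request that brings the server down may never be written to the access log, so an empty result does not rule out an attempt; correlate with server restarts and error logs.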