From: Security Research Team (securityRELAYGROUP.COM)
Date: Thu Jan 25 2001 - 06:04:34 CST

    __________________________________________________________

          S.A.F.E.R. Security Bulletin 010125.DOS.1.5
    __________________________________________________________

    TITLE : Netscape Enterprise Server - REVLOG request problem
    DATE : January 25, 2001
    NATURE : Denial-of-Service
    AFFECTED : Netscape Enterprise Server 3.x with Web Publishing enabled

    PROBLEM:

    A problem exists that allows a remote user to crash Netscape Enterprise Server.

    DETAILS:

    It is possible to crash Netscape Enterprise Server by issuing:

    REVLOG / HTTP/1.0

    The request might have to be repeated a few times in order to crash NES completely.

    FIXES:

    Netscape has been contacted on multiple occasions, the first time more than a year ago.

    Although other problems we have reported have been fixed, we have received no response for this issue - to date.

    The workaround is to disable Web Publishing, or to disable the REVLOG request.

    CREDITS:

    Vanja Hrustic <vanjarelaygroup.com>
    Fyodor Yarochkin <fyodorrelaygroup.com>
    Emmanuel Gadaix <emmanuelrelaygroup.com>

    This advisory is also available at http://www.safermag.com/advisories/

    __________________________________________________________

       S.A.F.E.R. - Security Alert For Enterprise Resources
              Copyright (c) 2001 The Relay Group
      http://www.safermag.com ---- securityrelaygroup.com
    __________________________________________________________
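
For operators who cannot apply the workaround right away, the following added example (not part of the original advisory) scans HTTP access-log lines for the REVLOG method and reports clients that repeat it, matching the advisory's remark that the request may be sent more than once. The Common Log Format layout, the repeat threshold, and the sample lines are assumptions constructed for illustration; a request that takes the server down may never reach the server's own log, so a front-end proxy log is the better input.

```python
import re
from collections import Counter

# Assumed layout: Common Log Format
# host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                 r'"(?P<method>[A-Za-z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
                 r'(?P<status>\d{3}|-) (?P<size>\d+|-)$')

WATCHED_METHODS = {"REVLOG"}   # the method named in the advisory
REPEAT_THRESHOLD = 2           # assumption: "a few times" means 2 or more

# Constructed sample lines (documentation addresses and made-up status codes).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Jan/2001:06:01:12 -0600] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [25/Jan/2001:06:02:40 -0600] "REVLOG / HTTP/1.0" 500 -
198.51.100.7 - - [25/Jan/2001:06:02:41 -0600] "REVLOG / HTTP/1.0" - -
192.0.2.10 - - [25/Jan/2001:06:03:05 -0600] "revlog /docs/ HTTP/1.0" 200 512
203.0.113.5 - - [25/Jan/2001:06:03:30 -0600] "POST /cgi-bin/form HTTP/1.0" 200 88
garbage line that does not parse
"""

def find_revlog_requests(log_text):
    """Return (hits, unparsed): hits are dicts for watched-method requests."""
    hits, unparsed = [], []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        m = CLF.match(line)
        if m is None:
            unparsed.append(lineno)   # keep for manual review, never drop silently
            continue
        # Compare case-insensitively so odd casing is still surfaced.
        if m.group("method").upper() in WATCHED_METHODS:
            hits.append({"line": lineno, **m.groupdict()})
    return hits, unparsed

def repeated_sources(hits, threshold=REPEAT_THRESHOLD):
    """Clients that sent the watched method at least `threshold` times."""
    counts = Counter(h["host"] for h in hits)
    return {host: n for host, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    hits, unparsed = find_revlog_requests(SAMPLE_LOG)
    for h in hits:
        print(f'line {h["line"]}: {h["host"]} {h["method"]} {h["target"]} -> {h["status"]}')
    print("repeat senders:", repeated_sources(hits))
    print("unparsed lines:", unparsed)
```
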