CVE-1999-1130

Name of the Vulnerable Software and Affected Versions Netscape Enterprise Server version 3.5.1

Description The default configuration of the search engine in the affected software allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.

Recommendations For Netscape Enterprise Server version 3.5.1, consider changing the default configuration of the search engine to prevent remote attackers from reading the source of JHTML files. As a temporary workaround, restrict access to the search functionality until a more permanent solution is implemented.