PT-2002-2378 · Netscape · Netscape Enterprise Server+1

Publicado

2002-12-31

Atualizado

2017-07-11

CVE-2002-1654

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions iPlanet Web Server Enterprise Edition versions 4.0 and 4.1 Netscape Enterprise Server versions 4.0 and 4.1

Description The issue allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command. This provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

Recommendations For iPlanet Web Server Enterprise Edition versions 4.0 and 4.1, consider disabling the wp-force-auth Web Publisher command as a temporary workaround until a patch is available. For Netscape Enterprise Server versions 4.0 and 4.1, consider disabling the wp-force-auth Web Publisher command as a temporary workaround until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-1654

Produtos afetados

Netscape Enterprise Server

Iplanet Web Server Enterprise Edition

PT-2002-2378 · Netscape · Netscape Enterprise Server+1

CVE-2002-1654

Identificadores relacionados

Produtos afetados

Referências · 10