PT-2000-1985 · Oracle · Iplanet Web Server

Published

2000-12-11

Updated

2017-10-10

CVE-2000-1077

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions iPlanet Web Server versions 4.x

Description The issue is related to a buffer overflow in the SHTML logging functionality. This allows remote attackers to execute arbitrary commands by providing a long filename with a .shtml extension.

Recommendations For iPlanet Web Server version 4.x, consider disabling the SHTML logging functionality as a temporary workaround until a patch is available. Restrict access to the SHTML logging module to minimize the risk of exploitation. Avoid using long filenames with a .shtml extension in the affected logging functionality until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-1077

Affected Products

Iplanet Web Server

PT-2000-1985 · Oracle · Iplanet Web Server

CVE-2000-1077

Related Identifiers

Affected Products

References · 3