PT-2001-1634 · Oracle · Oracle Application Server+1

Published

2001-05-24

Updated

2016-10-18

CVE-2001-0419

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions iPlanet Web Server versions 4.1

Description A buffer overflow issue exists in the shared library ndwfn4.so for iPlanet Web Server, specifically when used as a web listener for Oracle application server 4.0.8.2. This issue allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as the API endpoint "/jsp/".

Recommendations For iPlanet Web Server version 4.1, consider restricting access to the shared library ndwfn4.so as a temporary workaround until a patch is available. Avoid using long HTTP requests to the application server until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0419

Affected Products

Oracle Application Server

Iplanet Web Server

PT-2001-1634 · Oracle · Oracle Application Server+1

CVE-2001-0419

Related Identifiers

Affected Products

References · 5