PT-2002-2378 · Netscape · Netscape Enterprise Server+1

Published

2002-12-31

Updated

2017-07-11

CVE-2002-1654

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions iPlanet Web Server Enterprise Edition versions 4.0 and 4.1 Netscape Enterprise Server versions 4.0 and 4.1

Description The issue allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command. This provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

Recommendations For iPlanet Web Server Enterprise Edition versions 4.0 and 4.1, consider disabling the wp-force-auth Web Publisher command as a temporary workaround until a patch is available. For Netscape Enterprise Server versions 4.0 and 4.1, consider disabling the wp-force-auth Web Publisher command as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1654

Affected Products

Netscape Enterprise Server

Iplanet Web Server Enterprise Edition

PT-2002-2378 · Netscape · Netscape Enterprise Server+1

CVE-2002-1654

Related Identifiers

Affected Products

References · 10