|
|
iPlanet Web Server回应头信息缓冲区溢出漏洞
发布时间:2001-04-16
更新时间:2003-02-11
严重程度:高
威胁程度:服务器信息泄露
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:6826
受影响系统iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1
-HP HP-UX 11.0
-IBM AIX 4.3.3
-Linux kernel 2.2.12
-Microsoft Windows NT 4.0
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise
Edition 4.0 SP6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise
Edition 4.0 SP5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise
Edition 4.0 SP4
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise
Edition 4.0 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise
Edition 4.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise
Edition 4.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise
Edition 4.0
-Compaq Tru64 5.0 a
-Compaq Tru64 5.1
-HP HP-UX 11i
-HP HP-UX 11.0
-Microsoft Windows 2000 Workstation SP1
-Microsoft Windows 2000 Workstation SP2
-Microsoft Windows NT 4.0 SP6
-Microsoft Windows NT 4.0 SP6a
-RedHat Linux 6.2
-Sun Solaris 2.6
-Sun Solaris 7.0
-Sun Solaris 8.0 详细描述
iPlanet在处理HTTP请求头信息'Host:'字段存在缓冲区溢出漏洞。
服务器返回的HTTP回应头信息的'Location:'可能包含内存的敏感信息。远程攻击者甚至可能通过这个漏洞在服务器上执行任意指令。
解决方案
升级到iPlanet Web Server 4.1sp7版本:
http://www.iplanet.com/
相关信息
发现者:@stake
相关信息:http://www.atstake.com/research/advisories/2001/a041601-1.txt
|
