Vulnerability Name:

CVE-2001-0746 (CCN-6554)

Assigned:2001-05-11
Published:2001-05-11
Updated:2017-12-19
Summary:Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: BUGTRAQ
Type: Patch, Vendor Advisory
20010515 iPlanet - Netscape Enterprise Web Publisher Buffer Overflow

Source: MITRE
Type: CNA
CVE-2001-0746

Source: CCN
Type: Important iPlanet Web Server 4.1 SP 3-7 Product Alert: May 11, 2001
Recommend Immediate Patch/Upgrade

Source: CONFIRM
Type: Patch, Vendor Advisory
http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html

Source: CCN
Type: eEye Digital Security Advisory AD20010515
iPlanet - Netscape Enterprise Web Publisher Buffer Overflow

Source: CCN
Type: OSVDB ID: 3235
iPlanet Web Publisher Remote Overflow

Source: BID
Type: Exploit, Patch, Vendor Advisory
2732

Source: CCN
Type: BID-2732
iPlanet Web Publisher Remote Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
netscape-enterprise-uri-bo(6554)

Source: XF
Type: UNKNOWN
netscape-enterprise-uri-bo(6554)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:iplanet:iplanet_web_server:4.1_sp3:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp4:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp5:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp6:*:*:*:*:*:*:*
  • OR cpe:/a:iplanet:iplanet_web_server:4.1_sp7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    iplanet iplanet web server 4.1_sp3
    iplanet iplanet web server 4.1_sp4
    iplanet iplanet web server 4.1_sp5
    iplanet iplanet web server 4.1_sp6
    iplanet iplanet web server 4.1_sp7
    netscape enterprise server 4.0
    netscape enterprise server 4.1
    sun iplanet web server 4.1 sp3
    sun iplanet web server 4.1 sp4
    sun iplanet web server 4.1 sp5
    sun iplanet web server 4.1 sp6
    sun iplanet web server 4.1 sp7