Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1654

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1654
Last Modified 05 Sep 2008 04:31:10
Published 31 Dec 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1654

Summary

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

Vulnerable Systems

Application

  • Iplanet Web Server 6.0

  • Iplanet Web Server Enterprise 4.0

  • Iplanet Web Server Enterprise 4.1

  • Netscape Enterprise Server 2.0

  • Netscape Enterprise Server 3.0

  • Netscape Enterprise Server 3.1

  • Netscape Enterprise Server 3.2

  • Netscape Enterprise Server 3.3

  • Netscape Enterprise Server 3.4

  • Netscape Enterprise Server 3.5

  • Netscape Enterprise Server 3.6


References

CERT-VN - VU#985347

XF - netscape-enterprise-http-brute-force(7845)

BID - 3831

MISC - http://www.securiteam.com/securitynews/5IP0G0060Q.html

SECTRACK - 1003157

VULNWATCH - 20020109 Netscape publishing wp-force-auth command

CONFIRM - http://www.kb.cert.org/vuls/id/AAMN-567NFX


Last Updated: 27 May 2016 10:37:26