ID CVE-2002-1654
Summary iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
References
Vulnerable Configurations
  • cpe:2.3:a:iplanet:iplanet_web_server:6.0
    cpe:2.3:a:iplanet:iplanet_web_server:6.0
  • cpe:2.3:a:iplanet:iplanet_web_server:enterprise_4.0
    cpe:2.3:a:iplanet:iplanet_web_server:enterprise_4.0
  • cpe:2.3:a:iplanet:iplanet_web_server:enterprise_4.1
    cpe:2.3:a:iplanet:iplanet_web_server:enterprise_4.1
  • Netscape Netscape Enterprise Server 2.0
    cpe:2.3:a:netscape:enterprise_server:2.0
  • Netscape Netscape Enterprise Server 3.0
    cpe:2.3:a:netscape:enterprise_server:3.0
  • Netscape Netscape Enterprise Server 3.1
    cpe:2.3:a:netscape:enterprise_server:3.1
  • Netscape Netscape Enterprise Server 3.2
    cpe:2.3:a:netscape:enterprise_server:3.2
  • Netscape Netscape Enterprise Server 3.3
    cpe:2.3:a:netscape:enterprise_server:3.3
  • Netscape Netscape Enterprise Server 3.4
    cpe:2.3:a:netscape:enterprise_server:3.4
  • Netscape Netscape Enterprise Server 3.5
    cpe:2.3:a:netscape:enterprise_server:3.5
  • Netscape Netscape Enterprise Server 3.6
    cpe:2.3:a:netscape:enterprise_server:3.6
CVSS
Base: 7.5 (as of 17-05-2005 - 17:15)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
refmap via4
bid 3831
cert-vn VU#985347
confirm http://www.kb.cert.org/vuls/id/AAMN-567NFX
misc
sectrack 1003157
vulnwatch 20020109 Netscape publishing wp-force-auth command
xf netscape-enterprise-http-brute-force(7845)
Last major update 05-09-2008 - 16:31
Published 31-12-2002 - 00:00
Last modified 10-07-2017 - 21:29
Back to Top