Netscape Servers Vulnerable to DoS Attack


Reported October 31, 2000 by CORE SDI

VERSIONS AFFECTED
  • Netscape Certificate Management System 4.2
  • Netscape Directory Server 4.12

DESCRIPTION

A problem with multiple components of the Netscape Server suite allows a malicious attacker to conduct denial of service attacks on systems running Netscape Server software.  

DEMONSTRATION

By sending the following URL to the listening Directory Services Gateway TCP Port on a server running Netscape Directory Server or Netscape Certificate Management System a malicious user can cause an exception error and the system will stop responding.

http://systemrunningnetscape:24326/dsgw/bin/search?context=%

VENDOR RESPONSE

Unfortunately, Netscape Communications/AOL has been very unresponsive about this issue.  The vendor has been notified by multiple parties but no public response has been given.

CREDIT
Discovered by CORE SDI

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish