CVE-2002-1654

Description

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

Affected products

• iplanet / iplanet_web_server6.0 – 6.0
• iplanet / iplanet_web_serverenterprise_4.0 – enterprise_4.0
• iplanet / iplanet_web_serverenterprise_4.1 – enterprise_4.1
• netscape / enterprise_server2.0 – 2.0
• netscape / enterprise_server3.0 – 3.0
• netscape / enterprise_server3.1 – 3.1
• netscape / enterprise_server3.2 – 3.2
• netscape / enterprise_server3.3 – 3.3
• netscape / enterprise_server3.4 – 3.4
• netscape / enterprise_server3.5 – 3.5
• netscape / enterprise_server3.6 – 3.6

References

• MISChttp://www.kb.cert.org/vuls/id/AAMN-567NFX
• MISChttp://www.securityfocus.com/bid/3831
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/7845
• MISChttp://www.kb.cert.org/vuls/id/985347
• MAILING_LISThttp://lists.virus.org/vulnwatch-0201/msg00008.html
• MISChttp://www.procheckup.com/vulnerabilities/pr0105.html
• MISChttp://www.securiteam.com/securitynews/5IP0G0060Q.html
• MISChttp://securitytracker.com/id?1003157