vendor: Enterprise Server
by: SecurityFocus
CVSS: 7.5 HIGH
Buffer Overflow
CWE: 119
Product Name: Enterprise Server
Affected Version From: 3.6
Affected Version To: 3.6
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: a:netscape:enterprise_server:3.6
Platforms Tested: Windows
2001

Buffer Overflow in Netscape Enterprise Server 3.6

A buffer overflow vulnerability exists in Netscape Enterprise Server 3.6 when a GET request containing more than 4080 characters is sent to the server. This causes the httpd.exe process to crash, resulting in a Dr. Watson error. This can be exploited to execute arbitrary code remotely.

Mitigation:

Upgrade to the latest version of Netscape Enterprise Server.
Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1024/info

A GET request containing over 4080 characters will cause the httpd.exe process to crash within Netscape Enterprise Server 3.6, resulting in a Dr. Watson error. Arbitrary code can be executed remotely at this point. 

Netscape Enterprise Server 3.5 running on either NetWare or Solaris is not known to be susceptible to this issue.

GET /(4080 character string) HTTP/1.0
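
To look for this request pattern in access logs, the following added example (not part of the original advisory) flags entries whose request-URI exceeds the 4080-character threshold given above. It assumes Common Log Format lines, preferably from a proxy or other front-end device, since a server that crashes may not write the entry; the function name, sample lines and addresses are constructed for illustration.

```python
import re

# Threshold from the advisory: a GET with "over 4080 characters" crashes httpd.exe.
URI_LIMIT = 4080

# Common Log Format (assumed): host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]*)\] "(.*)" (\d{3}|-) (\d+|-)\s*$')

def find_overlong_requests(lines, limit=URI_LIMIT):
    """Return (client, time, method, uri_length, status) for every request
    whose request-URI is longer than `limit` characters."""
    hits = []
    for line in lines:
        m = CLF.match(line.rstrip("\r\n"))
        if not m:
            continue  # skip anything that is not a CLF access-log entry
        client, when, request, status, _size = m.groups()
        parts = request.split(" ")
        method = parts[0]
        # An entry may lack the trailing protocol token (truncated line or
        # HTTP/0.9-style request), so strip it only when it is present.
        if len(parts) >= 3 and parts[-1].startswith("HTTP/"):
            uri = " ".join(parts[1:-1])
        else:
            uri = " ".join(parts[1:])
        if len(uri) > limit:
            hits.append((client, when, method, len(uri), status))
    return hits

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Mar/2000:10:00:05 +0000] "GET /' + "A" * 4081 + ' HTTP/1.0" - -',
    '198.51.100.7 - - [01/Mar/2000:10:00:09 +0000] "GET /' + "B" * 5000 + '" - -',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for client, when, method, length, status in find_overlong_requests(SAMPLE_LOG):
        print(f"{when} {client} {method} uri_len={length} status={status}")
```

The length check counts the whole request-URI including the leading "/", so it errs on the side of flagging requests right at the boundary.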