Description
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
Product(s):
- Netscape Enterprise Server
- Netscape Netscape Enterprise Server 2.0
- Netscape Netscape Enterprise Server 3.0.1
- Netscape Enterprise Server 3.0.1b
- Netscape Netscape Enterprise Server 3.0
- Netscape Netscape Enterprise Server 3.1
- Netscape Netscape Enterprise Server 3.2
- Netscape Netscape Enterprise Server 3.3
- Netscape Netscape Enterprise Server 3.4
- Netscape Netscape Enterprise Server 3.5.1
- Netscape Netscape Enterprise Server 3.5
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-1999-1130, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-1999-1130 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.