Description
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
Products
- iPlanet Web Server 6.0
- iPlanet Web Server Enterprise 4.0
- iPlanet Web Server Enterprise 4.1
- Netscape Netscape Enterprise Server 2.0
- Netscape Netscape Enterprise Server 3.0
- Netscape Netscape Enterprise Server 3.1
- Netscape Netscape Enterprise Server 3.2
- Netscape Netscape Enterprise Server 3.3
- Netscape Netscape Enterprise Server 3.4
- Netscape Netscape Enterprise Server 3.5
- Netscape Netscape Enterprise Server 3.6
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2002-1654, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-1654 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References