漏洞类别:Web server漏洞等级: 
漏洞信息
By sending a specially-crafted request comprised of approximately 198 to 240 characters with a .shtml (default) file extension, unauthorized users can cause a buffer overflow and execute arbitrary code. This is due to the way iPlanet parses .shtml files.
漏洞危害
Successful exploitation of this vulnerability could lead to a complete compromise of the host.
解决方案
This vulnerability was addressed in iPlanet Web Server Version 4.1 Service Pack 4.
The latest service pack is available for download from Sun ONE Web Server Enterprise Edition 4.1 Service Pack 13.
Alternatively, as a workaround, disable the "Parsed HTML" option on vulnerable servers. This disables parsing of .shtml files, which may affect the functionality of your Web server but prevents this vulnerability from being exploited.
0day
文章评论