Netscape Enterprise Server Denial of Service Vulnerability

Netscape Enterprise Server is industrial-strength Web server software that enables organizations to publish content and deploy network-centric applications.

It's possible for a remote user to crash Netscape Enterprise Server by composing a maliciously-crafted GET request with approximately 1,344 double-dot (../) character sequences. This causes the server to stop responding entirely. This vulnerability will affect both the Web services and admin service.
This vulnerability only affects iPlanet version 4.1 SP5.

If successfully exploited, you must restart the Netscape Server's service in order to regain normal functionality. It should be noted that this vulnerability would have to be exploited twice in order to experience the expected result. Netscape Enterprise Server will restore both services after the first incident.

Upgrade to iPlanet Web Server Version 4.1 Service Pack 7 or later. The latest service pack is available for download fromSun ONE Web Server Enterprise Edition 4.1 Service Pack 13.