CVE-2004-2763
https://notcve.org/view.php?id=CVE-2004-2763
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. La configuración por defecto de Sun ONE/iPlanet Web Server v4.1 SP! al SP2 y v6.0 SP1 al SP5 responde a las peticiones HTTP TRACE, lo que puede permitir a atacantes remotos el robo de información usando ataques de seguimiento de trazas en sitios cruzados (XST) en aplicaciones vulnerables a ataques de ejecución de secuencias de comandos en sitios cruzados. • http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf http://www.kb.cert.org/vuls/id/867593 • CWE-16: Configuration •
CVE-2002-1654
https://notcve.org/view.php?id=CVE-2002-1654
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection. • http://lists.virus.org/vulnwatch-0201/msg00008.html http://securitytracker.com/id?1003157 http://www.kb.cert.org/vuls/id/985347 http://www.kb.cert.org/vuls/id/AAMN-567NFX http://www.procheckup.com/vulnerabilities/pr0105.html http://www.securiteam.com/securitynews/5IP0G0060Q.html http://www.securityfocus.com/bid/3831 https://exchange.xforce.ibmcloud.com/vulnerabilities/7845 •
CVE-2002-0845
https://notcve.org/view.php?id=CVE-2002-0845
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding. • http://marc.info/?l=bugtraq&m=102890933623192&w=2 http://www.iss.net/security_center/static/9799.php http://www.securityfocus.com/bid/5433 http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html •
CVE-2002-0686
https://notcve.org/view.php?id=CVE-2002-0686
Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter. Desbordamiento de búfer en la búsqueda de componentes para iPlanet Web Server (iWS) 4.1 y 6.0 permite a atacantes remotos la ejecución arbitraria de código mediante un argumento largo en el parámetro NS-rel-doc-name. • http://marc.info/?l=bugtraq&m=102622220416889&w=2 http://www.iss.net/security_center/static/9506.php http://www.kb.cert.org/vuls/id/612843 http://www.nextgenss.com/vna/sun-iws.txt http://www.securityfocus.com/bid/4851 •