CVE-2002-1654

Severity

75%

Complexity

99%

Confidentiality

106%

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Netscape Netscape Enterprise Server

First reported 22 years ago

2002-12-31 05:00:00

Last updated 7 years ago

2017-07-11 01:29:00

Affected Software

Netscape Netscape Enterprise Server 2.0

2.0

Netscape Netscape Enterprise Server 3.0

3.0

Netscape Netscape Enterprise Server 3.1

3.1

Netscape Netscape Enterprise Server 3.2

3.2

Netscape Netscape Enterprise Server 3.3

3.3

Netscape Netscape Enterprise Server 3.4

3.4

Netscape Netscape Enterprise Server 3.5

3.5

Netscape Netscape Enterprise Server 3.6

3.6

References

20020109 Netscape publishing wp-force-auth command

Exploit, Patch

1003157

Exploit, Patch

VU#985347

Patch, US Government Resource

http://www.kb.cert.org/vuls/id/AAMN-567NFX

http://www.procheckup.com/vulnerabilities/pr0105.html

http://www.securiteam.com/securitynews/5IP0G0060Q.html

Exploit, Patch

3831

Exploit, Patch

netscape-enterprise-http-brute-force(7845)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.