Re: iPlanet Server vulnerable to HTTP TCP HEAD Attack

From: Jeff (spam-fighterat_private)
Date: Wed Apr 10 2002 - 22:18:12 PDT

    Luis,
    
    Your server appears to be able to proxy anonymously when prompted with HTTP
    HEAD because it is running "Proxy-agent: iPlanet-Web-Proxy-Server/3.6"
    without enough access restrictions.  Check the access restriction capability
    of that server against its administration manuals, specifically the
    "Restricting Access" section of Chapter 5 starting at
    http://docs.iplanet.com/docs/manuals/proxy/36/adminux/access.htm#1014180 for
    Unix or
    http://docs.iplanet.com/docs/manuals/proxy/36/adminnt/access.htm#15490 for
    NT.
    
    Best Regards,  Jeff.
    
    
    ----- Original Message -----
    From: "Mendoza Bazan, Luis - (Per)" <luis.mendozaat_private>
    To: <incidentsat_private>; <bugtraqat_private>;
    <vuln-devat_private>
    Sent: Wednesday, April 10, 2002 11:45 AM
    Subject: iPlanet Server vulnerable to HTTP TCP HEAD Attack
    
    
    Hi,
    
    I have an iPlanet server that works as an email server. This server has the
    following services enabled: SMTP, POP3 and HTTP. We detected the evidence that
    is in the attached files. If you know of any advice or workaround for this,
    it will be welcome.
    We are searching Sun for some info but cannot find it.
    
    Best regards
    
    > Luis Mendoza
    > * luis.mendozaat_private
    > This communication is of a personal character and does not represent the
    official position of AT&T Latin America - Peru
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
    
    
    



    This archive was generated by hypermail 2b30 : Thu Apr 11 2002 - 08:32:01 PDT