CVE-2002-1654
CVSS7.5
发布时间 :2002-12-31 00:00:00
修订时间 :2008-09-05 16:31:10
NMCO    

[原文]iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.


[CNNVD]Netscape企业Web服务器蛮力授权攻击漏洞(CNNVD-200212-596)

        iPlanet Web服务器企业版和 Netscape企业版服务器4.0和4.1版本存在漏洞。远程攻击者可以借助wp-force-auth Web Publisher命令执行HTTP基本认证,该漏洞提供不同的攻击向量并可能更容易在无探测时执行暴力密码猜测。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:netscape:enterprise_server:3.6Netscape Netscape Enterprise Server 3.6
cpe:/a:netscape:enterprise_server:3.5Netscape Netscape Enterprise Server 3.5
cpe:/a:netscape:enterprise_server:3.3Netscape Netscape Enterprise Server 3.3
cpe:/a:iplanet:iplanet_web_server:enterprise_4.1
cpe:/a:netscape:enterprise_server:3.4Netscape Netscape Enterprise Server 3.4
cpe:/a:netscape:enterprise_server:3.2Netscape Netscape Enterprise Server 3.2
cpe:/a:netscape:enterprise_server:3.0Netscape Netscape Enterprise Server 3.0
cpe:/a:netscape:enterprise_server:3.1Netscape Netscape Enterprise Server 3.1
cpe:/a:iplanet:iplanet_web_server:6.0
cpe:/a:iplanet:iplanet_web_server:enterprise_4.0
cpe:/a:netscape:enterprise_server:2.0Netscape Netscape Enterprise Server 2.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1654
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1654
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-596
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/985347
(PATCH)  CERT-VN  VU#985347
http://xforce.iss.net/xforce/xfdb/7845
(PATCH)  XF  netscape-enterprise-http-brute-force(7845)
http://www.securityfocus.com/bid/3831
(PATCH)  BID  3831
http://www.securiteam.com/securitynews/5IP0G0060Q.html
(PATCH)  MISC  http://www.securiteam.com/securitynews/5IP0G0060Q.html
http://securitytracker.com/id?1003157
(PATCH)  SECTRACK  1003157
http://lists.virus.org/vulnwatch-0201/msg00008.html
(PATCH)  VULNWATCH  20020109 Netscape publishing wp-force-auth command
http://www.kb.cert.org/vuls/id/AAMN-567NFX
(UNKNOWN)  CONFIRM  http://www.kb.cert.org/vuls/id/AAMN-567NFX

- 漏洞信息

Netscape企业Web服务器蛮力授权攻击漏洞
高危 设计错误
2002-12-31 00:00:00 2006-09-05 00:00:00
远程  
        iPlanet Web服务器企业版和 Netscape企业版服务器4.0和4.1版本存在漏洞。远程攻击者可以借助wp-force-auth Web Publisher命令执行HTTP基本认证,该漏洞提供不同的攻击向量并可能更容易在无探测时执行暴力密码猜测。

- 公告与补丁

        The following solution has been taken from the iPlanet Knowledge Base Article ID: 7764:
        When you enable web publishing, you should treat the web server as an environment that must be secured. Ensure that users follow proper password policies such as using hard to guess passwords. If intruder detection software is used, it should be configured to check for ?wp-force-auth requests.
        HTTP basic authentication is generally not considered a secure mechanism and should be run over a SSL-enabled port. In addition, access logs should be monitored for suspicious requests. A better alternative would be to use client certificates, which are much more secure.

- 漏洞信息

13305
Netscape / iPlanet Web Server ?wp-force-auth Brute Force Weakness

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-01-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站