__________________________________________________________ S.A.F.E.R. Security Bulletin 010125.DOS.1.5 __________________________________________________________ TITLE : Netscape Enterprise Server - REVLOG request problem DATE : January 25, 2001 NATURE : Denial-of-Service AFFECTED : Netscape Enterprise Server 3.x with Web Publishing enabled PROBLEM: Problems exists that allows remote user to crash Netscape Enterprise Server. DETAILS: It is possible to crash Netscape Enterprise Server by issuing: REVLOG / HTTP/1.0 Request might be repeated few times in order to crash NES completely. FIXES: Netscape has been contacted on multiple occasions. First time, more than a year ago. Although other problems we have reported have been fixed, we have received no response for this issue - to date. Workaround is to disable Web Publishing, or disable REVLOG request. CREDITS: Vanja Hrustic Fyodor Yarochkin Emmanuel Gadaix This advisory is also available at http://www.safermag.com/advisories/ __________________________________________________________ S.A.F.E.R. - Security Alert For Enterprise Resources Copyright (c) 2001 The Relay Group http://www.safermag.com ---- security@relaygroup.com __________________________________________________________