CVE-2001-0327 — WEB Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

1.4%

top 19.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Iplanet WEB Server

Timeline

PublishedJul 2

Latest updateApr 30

Description

iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDiplanet/iplanet_web_server4.1_enterprise

Patches

Patch: www.atstake.com ↗Patch: www.atstake.com ↗

🔴Vulnerability Details

GHSA

GHSA-pqgv-mxxh-ccp2: iPlanet Web Server Enterprise Edition 4↗2022-04-30

▶

CVEList

CVE-2001-0327: iPlanet Web Server Enterprise Edition 4↗2002-03-09

▶