Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0746 — Improper Restriction of Operations within the Bounds of a Memory Buffer in WEB Server

5 documents4 sources

Severity

10.0CRITICALNVD

EPSS

49.5%

top 2.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Iplanet WEB Server

Timeline

PublishedOct 18

Latest updateApr 30

Description

Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDiplanet/iplanet_web_server5 versions+4

Patches

Patch: archives.neohapsis.com ↗Patch: iplanet.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-jqcv-2ph4-7vv9: Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4↗2022-04-30

▶

CVEList

CVE-2001-0746: Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4↗2001-10-12

▶

💥Exploits & PoCs

Exploit-DB

iPlanet 4.1 Web Publisher - Remote Buffer Overflow (2)↗2001-05-15

▶

Exploit-DB

iPlanet 4.1 Web Publisher - Remote Buffer Overflow (1)↗2001-05-15

▶