National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:netscape:enterprise_server:3.5
There are 5 matching records.
Vuln ID Summary CVSS Severity

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Published: December 31, 2004; 12:00:00 AM -05:00
V2: 7.5 HIGH

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

Published: December 31, 2002; 12:00:00 AM -05:00
V2: 7.5 HIGH

The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request.

Published: December 31, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

Published: March 11, 2000; 12:00:00 AM -05:00
V2: 6.4 MEDIUM

Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.

Published: July 30, 1999; 12:00:00 AM -04:00
V2: 5.0 MEDIUM