Netscape Enterprise Server Basic Authentication Buffer Overflow RCE (EGGBASKET/XP_NS-HTTPD)

Critical Nessus Plugin ID 100511


A web application running on the remote host is affected by a remote code execution vulnerability.


According to its banner, the Netscape Enterprise Server running on the remote host is either version 3.6 or 3.6 SP1. It is, therefore, affected by a buffer overflow condition in the HTTP Basic Authentication module of the server. An unauthenticated, remote attacker can exploit this to execute arbitrary code with elevated privileges.

EGGBASKET is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as the Shadow Brokers.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.


Contact the vendor for a patch.

See Also

Plugin Details

Severity: Critical

ID: 100511

File Name: netscape_enterprise_basic_auth_overflow.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Web Servers

Published: 2017/05/30

Modified: 2017/05/31

Dependencies: 10582, 10107, 17975

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C


Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:netscape:enterprise_server

Required KB Items: Settings/ParanoidReport, www/iplanet

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1999/12/01

Reference Information

CVE: CVE-1999-0853

BID: 847

OSVDB: 1153