Netscape Enterprise Server Accept Header Remote Overflow

Medium Nessus Plugin ID 10154


The remote service is prone to a buffer overflow.


The remote web server seems to crash when it is issued a too long argument to the 'Accept:' command :

Example :

GET / HTTP/1.0 Accept: <thousands of chars>/gif

This may allow an attacker to execute arbitrary code on the remote system.


Upgrade to a version of Netscape Enterprise Server greater than 3.6.

Plugin Details

Severity: Medium

ID: 10154

File Name: netscape_accept_overflow.nasl

Version: $Revision: 1.33 $

Type: remote

Family: Web Servers

Published: 1999/09/12

Modified: 2014/05/26

Dependencies: 10107

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:netscape:enterprise_server

Required KB Items: www/iplanet, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1999/09/13

Reference Information

CVE: CVE-1999-0751

BID: 631

OSVDB: 120