iPlanet Chunked Encoding Processing Remote Overflow

High Nessus Plugin ID 11068


The remote applicaiton server is affected by a buffer overflow vulnerability.


This host is running the Sun One/iPlanet web server 4.1 or 6.0. This web server contains an unchecked buffer in the 'Chunked Encoding' processing routines. By issuing a malformed request to the web server, a potential intruder can 'POST' extraneous data and cause the web server process to execute arbitrary code. This allows the potential intruder to gain access to this host.


The vendor has released Sun ONE web server 4.1 service pack 11 and 6.0 service pack 4 to fix this issue.

See Also


Plugin Details

Severity: High

ID: 11068

File Name: iplanet_chunked_encoding.nasl

Version: $Revision: 1.28 $

Type: remote

Family: Web Servers

Published: 2002/08/09

Modified: 2014/05/26

Dependencies: 10107, 17975, 10386

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/iplanet, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2002/07/23

Vulnerability Publication Date: 2004/04/09

Exploitable With


Reference Information

CVE: CVE-2002-0845

BID: 5433

OSVDB: 5070