iPlanet Web Server Enterprise Edition URL-encoded Host: Information Disclosure

Medium Nessus Plugin ID 11856


The remote web server is affected by an information disclosure vulnerability.


According to its self reported version number, the remote iPlanet web server is affected by an information disclosure vulnerability wherein a remote user can retrieve sensitive data from memory allocation pools or cause a denial of service against the server.

*** Since Nessus solely relied on the banner of this server,
*** (and iPlanet 4 does not include the SP level in the banner),
*** to issue this alert, this may be a false positive.


Update to iPlanet 4.1 SP7 or later.

Plugin Details

Severity: Medium

ID: 11856

File Name: iplanet_data_snag.nasl

Version: $Revision: 1.28 $

Type: remote

Family: Web Servers

Published: 2003/09/29

Modified: 2017/03/09

Dependencies: 10107, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND


Base Score: 5.3

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:W/RC:C

Vulnerability Information

Required KB Items: www/iplanet

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2001/04/17

Reference Information

CVE: CVE-2001-0327

BID: 6826

OSVDB: 5704

CERT: 276767