Name | iplanet_chunked |
CVE | CVE-2002-0845 |
Exploit Pack | CANVAS |
Description | iPlanet Chunked Encoding |
Notes | References: http://www.sun.com/service/sunone/software/alerts/transferencodingalert-23july2002.html http://www.eeye.com/html/Research/Advisories/AD20020808a.html CVE Name: CVE-2002-0845 VENDOR: Sun and Netscape Usage Notes: Requires a POSTABLE url. Any postable url will do. The exploit will tell you if the url you gave it was not postable. This exploit has old findsck shellcode in it, and will not work from behind a NAT. Development Notes: Exploit tested against IPlanet version 4.1 SP7, SP3, and SP9 on Solaris 9, 8 and 7 (sun4u) Install media: enterprise-4.1SP9-domestic-us.sparc-sun-solaris2.6.tar.gz Solaris 8 media Bonus Software CD: iPlanet Advantage Software volume 2: bash-2.03# strings /usr/netscape/server4/bin/https/bin/ns-httpd | grep iPlanet-WebServer-Enterprise iPlanet-WebServer-Enterprise/4.1SP7 Post-Exploitation: WARNING: iPlanet web server will not serve web pages till you exit the shell listener. Date public: 08/08/2002 CERT Advisory: http://www.kb.cert.org/vuls/id/516648 CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0845 CVSS: 7.5 |
Learn more about the CANVAS Exploit Pack here: CANVAS |