COMMAND

    Netscape Enterprise Server

SYSTEMS AFFECTED

    Netscape Enterprise Server 4.1, SP5 for Windows NT 4.0

PROBLEM

    Peter Grundl (Defcom  Labs Advisory def-2001-04)  found following.
    The Netscape Enterprise Server 4.1, SP5 has a problem dealing with
    dotdot-URLs.  The problem can result in the service crashing.

    If a GET request is performed which includes at least 1344 x /../,
    the web service will  crash.  This goes  for both the normal  HTTP
    service and  the admin  service.   The crash  has to  be performed
    twice, since NES  will reestablish the  service the first  time it
    crashes.

    This has been  tested on Windows  NT 4.0, SP6a,  Windows 2000 Pro,
    Windows  2000  Server  with  or  without  SP1.   They all crash in
    exactly  the   same  way.    The  performed   installation  is   a
    "next-next-finish" of the web server downloaded from the following
    location:

        http://www.iplanet.com/downloads/download/2011.html

    (that being  the Windows  NT version).   To spell  it out: Iplanet
    (Sun + Netscape) has not admitted that their product is flawed  in
    any  way,  and  as  such  they  have  not released any fix for the
    problem.  Thus, it is very  unlikely that the issue will be  fixed
    in SP6 (when that is released).  On the other hand, older versions
    does not appear to suffer from the same defect, so maybe they will
    (unknowningly) code their way out of it again?

SOLUTION

    Workaround is none known.  Peter only come across this bug on 4.1,
    SP5, but  would not  rule out  the possibility  of it  existing in
    other versions.  Metscape suggests to upgrade to SP6:

        http://www.iplanet.com/support/iws-alert/index.html