Vulnerability Description
iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iplanet | Iplanet Web Server | <= 4.1_enterprise |
References
- http://www.atstake.com/research/advisories/2001/a041601-1.txtPatchVendor Advisory
- http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
- http://www.kb.cert.org/vuls/id/276767US Government Resource
- http://www.osvdb.org/5704
- http://www.atstake.com/research/advisories/2001/a041601-1.txtPatchVendor Advisory
- http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
- http://www.kb.cert.org/vuls/id/276767US Government Resource
- http://www.osvdb.org/5704
FAQ
What is CVE-2001-0327?
CVE-2001-0327 is a vulnerability with a CVSS score of 5.0 (MEDIUM). iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in t...
How severe is CVE-2001-0327?
CVE-2001-0327 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0327?
Check the references section above for vendor advisories and patch information. Affected products include: Iplanet Iplanet Web Server.