
iPlanet Web Server Enterprise 4.1 - multiple GETs consume all system memory, cause kernel panic



Vulnerability

    iPlanet

Affected

    iPlanet Web Server, Enterprise Edition 4.1

Description

    Eiji Ohki found the following.  This was tested under iPlanet Web
    Server, Enterprise Edition 4.1 on Linux 2.2.5 (Redhat6.1J; Kernel
    2.2.12).  When you try to send the "GET" request seven hundred
    times, your product consumes all memory resources and the kernel
    panics.  The size of the GET command to your product was about a
    couple of thousand.  For example, Apache is able to refuse the DoS
    attack when the maximum number of fork() is defined properly.

Solution

    No problem was found when the same situation was given to the
    Enterprise Server International Edition 3.6SP2 on Solaris 2.6J
    (Sparc), the Enterprise Server 3.6SP3 on Solaris 2.6J (Sparc), the
    iPlanet Web Server, Enterprise Edition 4.0SP3 on Solaris 2.6J
    (Sparc) and the Apache httpd on Redhat6.1J.  However, the
    vulnerable version was a pre-release version:

        http://www.iplanet.com/downloads/download/detail_161_284.html
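
The process cap that the description credits for Apache's resilience, shown as an added example (not part of the original advisory): an httpd.conf fragment in which MaxClients bounds the number of forked children. The RAM and per-child memory figures are assumed values for a constructed host.

```apache
# Illustrative httpd.conf fragment (Apache 1.3-era process-per-connection model).
# All numbers are assumptions for a constructed host: about 128 MB of RAM
# available to httpd and about 2 MB resident per child. Measure your own.

# Hard ceiling on simultaneous child processes. Sizing rule:
#   MaxClients <= (RAM available to httpd) / (resident size of one child)
#   128 MB / 2 MB = 64; 50 leaves headroom for the rest of the system.
# Connections beyond this wait in the listen queue instead of causing
# another fork(), so a burst of GETs cannot grow memory without bound.
MaxClients 50

# Spare-process pool; these only shape how quickly children are
# created and reaped below the MaxClients ceiling.
StartServers 5
MinSpareServers 5
MaxSpareServers 10

# Recycle each child after this many requests so a slow leak in a child
# cannot accumulate indefinitely.
MaxRequestsPerChild 1000

# Release slots held by stalled or idle clients sooner.
Timeout 60
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

# Bound the memory one request line and its headers can demand
# (sizes in bytes, then maximum number of header fields).
LimitRequestLine 8190
LimitRequestFieldsize 8190
LimitRequestFields 100
```

In Apache 2.4 the same ceiling is named MaxRequestWorkers; MaxClients is still accepted as the older name.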

