Comments within. Erik Fichtner wrote: > Is this vulnerability in other versions of Enterprise server? We tested the vulnerability against the current releases of Enterprise and Fasttrack. Earlier versions may be vulnerable, but they were not tested against. > Does it exist on all platforms? No, our advisory effects only NT, Solaris was tested against and found not vulnerable. AIX and other platforms were not tested against and these platforms potentially could be vulnerable. > Is this an issue only with the SSL server (SSL Handshake? huh? what does > THAT have to do with a GET request?) or does this affect the entire > server? Netscape decided to combine the GET overflow patch in with an SSL problem. This vulnerability affects the entire server. Netscapes handles their patch bundling, we have no involvment with that. > Are patches available for previous versions of Enterprise server? Not that we know of, If previous versions are found to be vulnerable Netscape should be contacted and will issue a patch at that time. ---- X-Force Internet Security Systems, Inc. (678) 443-6000 / http://xforce.iss.net/ Adaptive Network Security for the Enterprise
