I've just detected a new Product Alert on iPlanets Web Site. I'm sending this information because I was not able to find it in the bugtraq archive yet. iPlanet does not seem to inform bugtraq (why?). The information posted herein can be found in http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html. ====================================================================== Important iPlanet Web Server 4.1 SP 3-7 Product Alert: Recommend Immediate Patch/Upgrade May 11, 2001 Two vulnerabilities have been identified within iPlanet Web Server(iWS): 1) A manipulation of the HTTP request headers sent to iWS, Enterprise Edition version 4.1 Service Packs 3 through 7 (iWS4.1sp3-7) can be exploited as a Denial of Service attack against users of iWS4.1sp3-7 on the Microsoft Windows NT platform*. 2) A manipulation of the HTTP request headers sent to iWS or Netscape Enterprise Server (NES) that have the Web Publisher feature enabled can be exploited as a Denial of Service attack. The risk from these attacks is completely eliminated by deployment of the following NSAPI. aix_flexlog2.tgz dec-osf1_flexlog2.tgz hpux_flexlog2.tgz linux_flexlog2.tgz solaris_flexlog2.tgz winnt_flexlog2.zip While only installations of iWS4.1sp3-7 on Windows NT are immediately vulnerable to this attack, all users of iWS4.1sp3-7 are advised to install the NSAPI. ====================================================================== _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.