High

CVE-2002-1654 - Unspecified vulnerability in multiple products

Publication: 2002-12-31
Summary

iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.

Risk level (CVSS 7.5)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Netscape Enterprise Server 2.0
  • Netscape Enterprise Server 3.0
  • Netscape Enterprise Server 3.1
  • Netscape Enterprise Server 3.2
  • Netscape Enterprise Server 3.3
  • Netscape Enterprise Server 3.4
  • Netscape Enterprise Server 3.5
  • Iplanet Iplanet WEB Server enterprise_4.1
  • Iplanet Iplanet WEB Server enterprise_4.0
  • Netscape Enterprise Server 3.6
  • Iplanet Iplanet WEB Server 6.0