{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/276767#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"A buffer overflow exists in the iPlanet Web Servers (Enterprise and FastTrack Editions) that may allow remote attackers to gain read access to sensitive information contained in the memory of the web server process. The information disclosed may include userids, passwords, cookies or authentication data belonging to other users of the web server. With this data the attacker may be able to falsely authenticate themselves to the web server as other users. In some cases, the attacker may be able to prevent the normal operation of the web server using this vulnerability.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/276767"}],"title":"iPlanet web servers expose sensitive data via buffer overflow","tracking":{"current_release_date":"2001-04-17T14:28:08+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#276767","initial_release_date":"2001-04-16 00:00:00+00:00","revision_history":[{"date":"2001-04-17T14:28:08+00:00","number":"1.20010417142808.13","summary":"Released on 2001-04-17T14:28:08+00:00"}],"status":"final","version":"1.20010417142808.13"}},"vulnerabilities":[{"notes":[{"category":"general","text":"No vulnerabilities have been defined at this time for this report"}]}]}