Netscape Communications Corporation Unknown

Notified:  March 08, 2005 Updated: August 10, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Sun ONE, Netscape Enterprise Server, and Netscape iPlanet are (or were) related.

Novell, Inc. Unknown

Notified:  March 08, 2005 Updated: August 10, 2006

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Some Novell web server products are or were related to Netscape web servers.

Red Hat, Inc. Affected

Notified:  March 08, 2005 Updated: August 10, 2006

Status

Affected

Vendor Statement

Vendor Statement: Red Hat, Inc. Netscape Enterprise Server 6.0 is vulnerable to this issue. A work around that completely blocks this issue is available below. Please note that Netscape Enterprise Server 6.0 is discontinued and Red Hat will not be releasing software updates for this issue. Workaround: Set a default error message for "Not Found" that does not include a link to the referring page. To configure such a message, follow these steps: - Log into admin server - Select an instance to manage - Select Class Manager in the upper-right - Select the Content Management tab - Select Error Responses link in left frame - You need to define a Custom Error Response for Error code: Not found. - Add the entire path to a file under File, or redirect the user elsewhere. See the Help button for more information. - Save, then Apply to restart the server Alternatively, manually add an error response, such as the following, to obj.conf: Error fn="send-error" reason="Not Found" path="/path/to/docs/errors/notfound.html" The content that Netscape Enterprise Server would send without the referring site is: Not Found

Not Found

The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

Sun Microsystems, Inc. Affected

Notified:  March 08, 2005 Updated: August 10, 2006

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Sun Alert Notification 102164.