Notified: March 08, 2005 Updated: August 10, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Sun ONE, Netscape Enterprise Server, and Netscape iPlanet are (or were) related.
Notified: March 08, 2005 Updated: August 10, 2006
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Some Novell web server products are or were related to Netscape web servers.
Notified: March 08, 2005 Updated: August 10, 2006
Affected
Vendor Statement: Red Hat, Inc. Netscape Enterprise Server 6.0 is vulnerable to this issue. A work around that completely blocks this issue is available below. Please note that Netscape Enterprise Server 6.0 is discontinued and Red Hat will not be releasing software updates for this issue. Workaround: Set a default error message for "Not Found" that does not include a link to the referring page. To configure such a message, follow these steps: - Log into admin server - Select an instance to manage - Select Class Manager in the upper-right - Select the Content Management tab - Select Error Responses link in left frame - You need to define a Custom Error Response for Error code: Not found. - Add the entire path to a file under File, or redirect the user elsewhere. See the Help button for more information. - Save, then Apply to restart the server Alternatively, manually add an error response, such as the following, to obj.conf: Error fn="send-error" reason="Not Found" path="/path/to/docs/errors/notfound.html" The content that Netscape Enterprise Server would send without the referring site is:
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
Notified: March 08, 2005 Updated: August 10, 2006
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Sun Alert Notification 102164.