Read Bennett Gold LLP's privacy policies and practices regarding this web site.
LINK TO: Bennett Gold LLP's Privacy Policies and Practices. E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


E-COMMERCE WEB SERVERS VULNERABLE TO ATTACK

Source: ZD Net UK

Posted on January 17, 2002

      E-commerce sites could open themselves up to denial-of-service (DoS) attacks unless they patch their Web servers, a UK security company has warned.

      ProCheckUp found a vulnerability in the Netscape Enterprise 3.x Web server and the related iPlanet 4.x running on Windows NT. Netscape Enterprise has a selection of Web publishing commands beginning with ?wp built into the Web server. When Web publishing is enabled, issuing an improper ?wp-html-rend command can bring about an access violation on Windows operating systems and cause the server to crash.

      Another vulnerability allows hackers to use the ?wp-force-auth command to perform brute-force password cracking on the same servers under Solaris and NT.

      Richard Brain, technical director of ProCheckUp, said that although Netscape Enterprise and iPlanet are not as popular as Apache or Microsoft's IIS server, they are commonly used by businesses running high-end e-commerce and banking sites.

      "About 35 percent of our customers running Netscape Enterprise or iPlanet do so on Windows NT," said Brain. According to a recent survey, nearly 1.4 million Web servers worldwide run these applications. This indicates that around 1 percent of all Web servers could potentially be affected by the vulnerability.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.