  |
 |
|
Research and retrieval of news articles by: SPECIAL NOTE TO ALL VISITORS: | ||
 |
|
E-COMMERCE WEB SERVERS VULNERABLE TO ATTACKSource: ZD Net UKPosted on January 17, 2002 E-commerce sites could open themselves up to denial-of-service (DoS) attacks unless they patch their Web servers, a UK security company has warned. ProCheckUp found a vulnerability in the Netscape Enterprise 3.x Web server and the related iPlanet 4.x running on Windows NT. Netscape Enterprise has a selection of Web publishing commands beginning with ?wp built into the Web server. When Web publishing is enabled, issuing an improper ?wp-html-rend command can bring about an access violation on Windows operating systems and cause the server to crash. Another vulnerability allows hackers to use the ?wp-force-auth command to perform brute-force password cracking on the same servers under Solaris and NT. Richard Brain, technical director of ProCheckUp, said that although Netscape Enterprise and iPlanet are not as popular as Apache or Microsoft's IIS server, they are commonly used by businesses running high-end e-commerce and banking sites. "About 35 percent of our customers running Netscape Enterprise or iPlanet do so on Windows NT," said Brain. According to a recent survey, nearly 1.4 million Web servers worldwide run these applications. This indicates that around 1 percent of all Web servers could potentially be affected by the vulnerability.
E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes. |
|
ALERT  WebTrust Is Your Best Defense Against Privacy Breaches. Get WebTrust Working For Your Site. |