CVE-2001-0746

iPlanet Web Server Enterprise Edition <= 4.1 - Buffer Overflow via Long URI in Web Publisher

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2001-0746. PoCs published by Gabriel Maggiotti, Santi Claus.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in iPlanet Web Server (Netscape Enterprise Server 4) by sending a crafted HTTP request with an oversized method or URI (4022 bytes). The PoC demonstrates a denial-of-service (DoS) condition, though the description suggests potential for remote code execution (RCE) with proper structuring.

Description

Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Gabriel Maggiotti · phpdosmultiple
https://www.exploit-db.com/exploits/20853

This exploit targets a buffer overflow vulnerability in iPlanet Web Server (Netscape Enterprise Server 4) by sending a crafted HTTP request with an oversized method or URI (4022 bytes). The PoC demonstrates a denial-of-service (DoS) condition, though the description suggests potential for remote code execution (RCE) with proper structuring.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: iPlanet Web Server 4.1 SP3-7 (Netscape Enterprise Server 4)
No auth needed
Prerequisites: Network access to the target server · Target running vulnerable iPlanet Web Server version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Santi Claus · perldosmultiple
https://www.exploit-db.com/exploits/20852

This exploit targets a buffer overflow vulnerability in iPlanet Web Server 4.1 SP3-7 on Windows NT by sending a crafted HTTP request with a long string of 'A' characters. It demonstrates a denial-of-service (DoS) condition and potential for remote code execution (RCE) if the buffer is properly structured.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: iPlanet Web Server 4.1 SP3-7 on Windows NT
No auth needed
Prerequisites: Network access to the target server · iPlanet Web Server 4.1 SP3-7 running on Windows NT
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-05/0132.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2732
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6554

Scores

EPSS 0.1520
EPSS Percentile 96.3%

Details

Status published
Products (5)
iplanet/iplanet_web_server 4.1_sp3
iplanet/iplanet_web_server 4.1_sp4
iplanet/iplanet_web_server 4.1_sp5
iplanet/iplanet_web_server 4.1_sp6
iplanet/iplanet_web_server 4.1_sp7
Published Oct 18, 2001
Tracked Since Feb 18, 2026