By sending a very long HTTP request ending in the .shtml extension, it is possible to cause a buffer overflow, which could be used to create a denial of service or to execute arbitrary code. This vulnerability affects iPlanet 4.0 and 4.1 web servers with server side parsing enabled.
A buffer overflow in the processing of HTTP headers in iPlanet 4.0 and 4.1 web servers could result in a memory leak. By supplying a specially crafted Host: header in an HTTP request, an attacker could create a denial of service or read parts of the server's memory space which should not be accessible. In some cases, this memory space could contain pieces of other users' sessions, including authentication information which could be used to hijack those sessions.
By sending an invalid method or URI request, an attacker could cause the web server to stop responding. This vulnerability affects iPlanet web server version 4.1, service pack 3 through 7.
In addition to standard HTTP request methods such as GET and POST, Netscape recognizes several other request methods, such as GETPROPERTIES and GETATTRIBUTENAMES. These request methods are part of Netscape's Web Publisher feature. A buffer overflow condition in the processing of these Web Publisher methods could allow a remote attacker to execute arbitrary code. Netscape Enterprise Server and iPlanet 4.1 (service pack 7) and earlier are affected by this vulnerability.
Alternatively, the first problem can be fixed by disabling server side parsing, and the second can be fixed by applying the NSAPI module.