HP VirtualVault Netscape Enterprise Server Vulnerability

HP VirtualVault Netscape Enterprise Server Vulnerability

HP's VirtualVault is a trusted web server platform that implements compartmentalization. The bundled web server is a version of the Netscape Enterprise Server. A vulnerability in the NES makes it vulnerable to a denial of service.

If a CGI request longer than 512 bytes in length made (e.g. "GET /cgi-bin/somecgi.cgi?AAAAAAAAA...") the Netscape Enterprise Server will be unable to service any further CGI requests.

The affected filesets are VaultNES.NES-VAULT and VaultTS.INES-COMMON.