Regarding Peter Guendl's discovery of DoS attacks against iWS 4.1:
1) Peter G. reports that disabling the cache with cache-init is not
an effective workaround for the FastTrack problem.
2) I wrote that iWS 4.1 has "at least one huge hole (remote code execution
via SSL/TLS implementation bug)". Another reader has pointed out that
the SSL/TLS problem was announced as a Denial of Service vulnerability.
3) The note about Service Pack levels for iPlanet Enterprise 4.1 in
Peter Gruendl's "Netscape Enterprise Server Dot-Dot DoS" was somewhat
confusing. The iPlanet URL he refers to correctly states that the
latest supported iPlanet Web servers[0] are 4.0sp6 and 4.1sp5. 4.1sp6
has not been released or officially announced by iPlanet.
Thanks,
-Peter
[0] All Netscape-branded Web server products, including Netscape Enterprise 3.6,
have officially passed their end-of-life dates and are no longer supported.
