GEN:SID 1:1050
Message WEB-MISC iPlanet GETPROPERTIES attempt
Summary This event is generated when a request is made to a webserver using the
the command 'GETPROPERTIES'. This may be an indication that a buffer
overflow attack may be in process.
Impact If successful, this attack will allow attackers to run code of their
choosing on the victim server.
Detailed Information The web publishing feature in iPlanet Web Server 4.1 is vulnerable to a
buffer overflow.
Affected Systems iPlanet Web Server 4.1 up to Service Pack 8
Attack Scenarios An attacker can spawn a remote shell on the server and execute any
command they desire.
Ease of Attack Difficult.  Exploit code does not appear to exist as of June 2003, so an
attacker would need to write the code themselves.
Corrective Action Disable web publishing or upgrade your web server software.
Additional References NTBugtraq Archive:
http://archives.neohapsis.com/archives/ntbugtraq/2001-q2/0035.html
Rule References bugtraq: 2732
cve: 2001-0746