Security authority the Computer Emergency Response Team (Cert) yesterday released details of multiple vulnerabilities in the Netscape Enterprise Server and iPlanet servers that could allow an attacker to crash a server or gain access.
Discovered by security firm ProCheckUp, the first vulnerability is a remotely exploitable denial-of-service flaw in Netscape Enterprise Server versions 4.0 and 4.1, and iPlanet 4.x web servers, running on Windows.
"Essentially, by entering a simple command within their web browser remote attackers can cause the server to crash," said a Cert advisory. "The mitigating factor is that web publishing has to be enabled. However, this is quite common."
A second vulnerability in the same versions of the software allows an attacker to force an authentication session which, although "not a severe weakness", may allow attackers to perform a brute force password crack.
This is a problem because "it provides an unpublished feature which would be unknown to the web server administrators or designers", according to ProCheckUp.
Richard Brain, technical director at the security firm, said: "It should be noted that, even though Netscape servers are not as popular as Apache or IIS servers, they are commonly used by businesses running high-end ecommerce or banking sites."
The Cert advisory can be found here.