Oracle iPlanet Web Server 7.0.x < 7.0.20 Multiple Vulnerabilities

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to its self-reported version, the Oracle iPlanet Web Server
(formerly Sun Java System Web Server) running on the remote host is
7.0.x prior to 7.0.20. It is, therefore, affected by the following
vulnerabilities in the Network Security Services (NSS) :

- The implementation of NSS does not ensure that data
structures are initialized, which can result in a denial
of service or disclosure of sensitive information.

- An error exists in the ssl_Do1stHandshake() function in
file sslsecur.c due to unencrypted data being returned
from PR_Recv when the TLS False Start feature is
enabled. A man-in-the-middle attacker can exploit this,
by using an arbitrary X.509 certificate, to spoof SSL
servers during certain handshake traffic.

- An integer overflow condition exists related to handling
input greater than half the maximum size of the
'PRUint32' value. A remote attacker can exploit this to
cause a denial of service or possibly have other impact.

- An error exists in the Null_Cipher() function in the
file ssl3con.c related to handling invalid handshake
packets. A remote attacker, using a crafted request, can
exploit this to execute arbitrary code. (CVE-2013-5605)

- An error exists in the CERT_VerifyCert() function in the
file certvfy.c when handling trusted certificates with
incompatible key usages. A remote attacker, using a
crafted request, can exploit this to have an invalid
certificates treated as valid. (CVE-2013-5606)

- A race condition exists in libssl that occurs during
session ticket processing. A remote attacker can exploit
this to cause a denial of service. (CVE-2014-1490)

- Network Security Services (NSS) does not properly
restrict public values in Diffie-Hellman key exchanges,
allowing a remote attacker to bypass cryptographic
protection mechanisms. (CVE-2014-1491)

- An issue exists in the Network Security (NSS) library
due to improper handling of IDNA domain prefixes for
wildcard certificates. A man-in-the-middle attacker,
using a crafted certificate, can exploit this to spoof
an SSL server. (CVE-2014-1492)

See also :

Solution :

Upgrade to Oracle iPlanet Web Server 7.0.20 or later.

Note that, at the time of this writing, there is no patch available
for installations on Microsoft Windows hosts. Please contact the
vendor regarding availability dates for the patch for iPlanet 7.0
(patch #145847).

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false