This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote web server is affected by multiple vulnerabilities.
According to its self-reported version, the Oracle iPlanet Web Server
(formerly Sun Java System Web Server) running on the remote host is
7.0.x prior to 7.0.15. It is, therefore, affected by the following
- Multiple cross-site scripting vulnerabilities exist due
to parameter validation errors that occur when input is
submitted to admingui scripts 'cchelp2/Masthead.jsp',
'version/Masthead.jsp', and 'cchelp2/Navigator.jsp'. A
remote attacker, using a crafted URL, can exploit these
to execute arbitrary script code in the user's browser
in the context of the session between the browser and
the server. (CVE-2012-0516)
- An unspecified error exists in the Web Server component
that can allow denial of service attacks.
Note that Oracle states that bug 12919334 'WS7: RANGE HEADER DOS
VULNERABILITY' could not be reproduced.
See also :
Upgrade to Oracle iPlanet Web Server 7.0.15 or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false