This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote web proxy server is affected by a remote code execution
According to its self-reported version, the Oracle iPlanet Web Proxy
Server (formerly known as Sun Java System Web Proxy Server) installed
on the remote host is version 4.0.x prior to 4.0.27. It is, therefore,
affected by a heap buffer overflow condition in the ASN.1 decoder in
the Network Security Services (NSS) library. A remote attacker can
exploit this, via crafted OCTET STRING data, to cause a denial of
service or to execute arbitrary code.
See also :
Upgrade to Oracle iPlanet Web Proxy Server version 4.0.27 or later as
referenced in the April 2016 Oracle Critical Patch Update advisory.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.5
Public Exploit Available : false