Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)

High Nessus Plugin ID 106349

Synopsis

The remote web server is affected by an unspecified vulnerability.

Description

According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.

Solution

Upgrade to Oracle iPlanet Web Server version 7.0.27 or later as referenced in the January 2018 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?ae82f1b1

http://www.nessus.org/u?fccabced

Plugin Details

Severity: High

ID: 106349

File Name: sun_java_web_server_7_0_27.nasl

Version: 1.6

Type: remote

Family: Web Servers

Published: 2018/01/25

Updated: 2018/08/03

Dependencies: 85271

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:iplanet_web_server, cpe:/a:mozilla:network_security_services

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/01/17

Vulnerability Publication Date: 2017/01/17

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Tomcat RCE via JSP Upload Bypass)

Elliot (Apache Tomcat for Windows HTTP PUT Method File Upload)

Reference Information

CVE: CVE-2015-7501, CVE-2015-7940, CVE-2016-0635, CVE-2016-1182, CVE-2016-2107, CVE-2016-2179, CVE-2017-3732, CVE-2017-5645, CVE-2017-9798, CVE-2017-10068, CVE-2017-10262, CVE-2017-10273, CVE-2017-10352, CVE-2017-12617, CVE-2018-2561, CVE-2018-2564, CVE-2018-2584, CVE-2018-2594, CVE-2018-2595, CVE-2018-2596, CVE-2018-2601, CVE-2018-2610, CVE-2018-2625, CVE-2018-2711, CVE-2018-2713, CVE-2018-2715, CVE-2018-2733

BID: 78215, 79091, 89760, 91067, 91869, 92987, 95814, 97702, 98050, 100872, 100954, 102442, 102535, 102539, 102541, 102545, 102550, 102553, 102558, 102562, 102565, 102567, 102569, 102573, 102634, 102637, 102641, 102643