Synopsis
The remote web server is affected by multiple vulnerabilities.
Description
According to its self-reported version, the Oracle iPlanet Web Server (formerly Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.20. It is, therefore, affected by the following vulnerabilities in the Network Security Services (NSS):
- The implementation of NSS does not ensure that data structures are initialized, which can result in a denial of service or disclosure of sensitive information.
- An error exists in the ssl_Do1stHandshake() function in file sslsecur.c due to unencrypted data being returned from PR_Recv when the TLS False Start feature is enabled. A man-in-the-middle attacker can exploit this, by using an arbitrary X.509 certificate, to spoof SSL servers during certain handshake traffic.
- An integer overflow condition exists related to handling input greater than half the maximum size of the 'PRUint32' value. A remote attacker can exploit this to cause a denial of service or possibly have other impact.
- An error exists in the Null_Cipher() function in the file ssl3con.c related to handling invalid handshake packets. A remote attacker, using a crafted request, can exploit this to execute arbitrary code. (CVE-2013-5605)
- An error exists in the CERT_VerifyCert() function in the file certvfy.c when handling trusted certificates with incompatible key usages. A remote attacker, using a crafted request, can exploit this to have invalid certificates treated as valid. (CVE-2013-5606)
- A race condition exists in libssl that occurs during session ticket processing. A remote attacker can exploit this to cause a denial of service. (CVE-2014-1490)
- Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)
- An issue exists in the Network Security Services (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. A man-in-the-middle attacker, using a crafted certificate, can exploit this to spoof an SSL server. (CVE-2014-1492)
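The Diffie-Hellman item above (CVE-2014-1491) concerns missing restrictions on the peer's public value. The following is an added example, not NSS code and not part of the original advisory, of the standard range and subgroup checks applied to a received public value and of what an unchecked value does to the derived secret. The toy safe prime, the generator and all function names are constructed for illustration.

```python
"""Constructed illustration: validating a peer's Diffie-Hellman public value."""

# Constructed toy group (assumption, far too small for real use):
# P is a safe prime, P = 2*Q + 1 with Q prime; G = 4 generates the order-Q subgroup.
P = 2039
Q = 1019
G = 4


def check_peer_public(y: int, p: int = P, q: int = Q) -> str:
    """Return 'ok' or the reason the peer value y must be rejected."""
    if not 2 <= y <= p - 2:
        # 0, 1 and p-1 (and anything outside that range) force a predictable secret.
        return "out of range"
    if pow(y, q, p) != 1:
        # y is not in the prime-order subgroup generated by G.
        return "wrong subgroup"
    return "ok"


def shared_secret(peer_public: int, private: int, p: int = P) -> int:
    """Unvalidated DH computation, as a library without the check would do."""
    return pow(peer_public, private, p)


def possible_secrets(peer_public: int, p: int = P, q: int = Q) -> set:
    """All secrets the local side can derive for this peer value, over every private key."""
    return {shared_secret(peer_public, x, p) for x in range(1, q)}


if __name__ == "__main__":
    honest = pow(G, 777, P)  # constructed honest peer value
    samples = [("0", 0), ("1", 1), ("p-1", P - 1), ("p+1", P + 1), ("honest", honest)]
    for label, y in samples:
        print(f"{label:>6}: check={check_peer_public(y):<14} "
              f"distinct secrets={len(possible_secrets(y))}")
```

A degenerate value collapses the secret to one or two possibilities whatever private key the local side picked, which is why the check has to run before the secret is computed.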
Solution
Upgrade to Oracle iPlanet Web Server 7.0.20 or later.
Note that, at the time of this writing, there is no patch available for installations on Microsoft Windows hosts. Please contact the vendor regarding availability dates for the patch for iPlanet 7.0 (patch #145847).