Oracle iPlanet Web Server 7.0.x < 7.0.21 NSS Signature Verification Vulnerability
High Nessus Plugin ID 82995
SynopsisThe remote web server is affected by a signature forgery vulnerability.
DescriptionAccording to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.21. It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-middle attacker, using a crafted certificate, can exploit this to forge RSA signatures, such as SSL certificates.
SolutionUpgrade to Oracle iPlanet Web Server 7.0.21 or later.