Oracle iPlanet Web Server 7.0.x < 7.0.21 NSS Signature Verification Vulnerability

High Nessus Plugin ID 82995

Synopsis

The remote web server is affected by a signature forgery vulnerability.

Description

According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.21. It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-middle attacker, using a crafted certificate, can exploit this to forge RSA signatures, such as SSL certificates.

Solution

Upgrade to Oracle iPlanet Web Server 7.0.21 or later.

Oracle iPlanet Web Server 7.0.x < 7.0.21 NSS Signature Verification Vulnerability

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Reference Information