Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow
High Nessus Network Monitor Plugin ID 1586
Synopsis
The remote host is running a vulnerable version of Sun ONE Application Server (formerly known as iPlanet Application Server).
Description
The remote Sun ONE Application Server (formerly known as iPlanet Application Server) is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in:
GET /[AppServerPrefix]/[long buffer]
An attacker may use this flaw to execute arbitrary code on this host or disable it remotely.
Solution
If you are running Application Server 6.5, apply SP1 or higher. There is no patch for version 6.0.