Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow

High Nessus Network Monitor Plugin ID 1586

Synopsis

The remote host is running a vulnerable version of Sun ONE Application Server (formerly known as iPlanet Application Server).

Description

The remote Sun ONE Application Server (formerly known as iPlanet Application Server) is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in:

    GET /[AppServerPrefix]/[long buffer]

An attacker may use this flaw to execute arbitrary code on this host or disable it remotely.

Solution

If you are running Application Server 6.5, apply SP1 or higher. There is no patch for version 6.0.

See Also

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022

Plugin Details

Severity: High

ID: 1586

Family: Web Servers

Published: 2004/08/20

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 11403

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2002-0387

BID: 7082