Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow

high Nessus Network Monitor Plugin ID 1586

Synopsis

The remote host is running a vulnerable version of Sun ONE Application Server (formerly known as iPlanet Application Server).

Description

The remote Sun ONE Application Server (formerly known as iPlanet Application Server) is vulnerable to a buffer overflow in its NSAPI plugin. The overflow is triggered when a request supplies a long buffer after the application service prefix, as in:
GET /[AppServerPrefix]/[long buffer]
An attacker may use this flaw to execute arbitrary code on this host or to disable it remotely.

Solution

If you are running Application Server 6.5, apply SP1 or higher. There is no patch for version 6.0.

See Also

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022

Plugin Details

Severity: High

ID: 1586

Family: Web Servers

Published: 8/20/2004

Updated: 3/6/2019

Nessus ID: 11403

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sun:one_application_server

Reference Information

CVE: CVE-2002-0387

BID: 7082