Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow

High Nessus Network Monitor Plugin ID 1586


The remote host is running a vulnerable version of Sun ONE Application Server (formerly known as iPlanet Application Server).


The remote Sun ONE Application Server (formerly known as iPlanet Application Server) is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in:

    GET /[AppServerPrefix]/[long buffer]

An attacker may use this flaw to execute arbitrary code on this host or disable it remotely.


If you are running Application Server 6.5, apply SP1 or higher. There is no patch for version 6.0.

Plugin Details

Severity: High

ID: 1586

Family: Web Servers

Published: 2004/08/20

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 11403

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 6.4


Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2002-0387

BID: 7082