
Sun ONE (iPlanet) Application Server < 6.5 SP1 NSAPI Plugin Overflow

High

Synopsis

The remote host is running a vulnerable version of Sun ONE Application Server (formerly known as iPlanet Application Server).

Description

The remote Sun ONE Application Server (formerly known as iPlanet Application Server) is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in:

GET /[AppServerPrefix]/[long buffer]

An attacker may use this flaw to execute arbitrary code on this host or disable it remotely.

Solution

If you are running Application Server 6.5, apply SP1 or higher. There is no patch for version 6.0.