iPlanet Application Server Prefix Remote Overflow

high Nessus Plugin ID 11403

Synopsis

The remote application server is affected by a buffer overflow vulnerability.

Description

The remote Sun ONE Application Server (formerly known as iPlanet Application Server) is vulnerable to a buffer overflow when a user provides a long buffer after the application service prefix, as in

GET /[AppServerPrefix]/[long buffer]

An attacker may use this flaw to execute arbitrary code on this host or disable it remotely.

Solution

If you are running Application Server 6.5, apply SP1.

See Also

https://download.oracle.com/sunalerts/1000998.1.html

Plugin Details

Severity: High

ID: 11403

File Name: iplanet_app_server_overflow.nasl

Version: 1.19

Type: remote

Family: Web Servers

Published: 3/16/2003

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/13/2003

Reference Information

CVE: CVE-2002-0387

BID: 7082