Detections
Analytics
Oracle iPlanet Web Server 7.0.x < 7.0.9 Multiple Vulnerabilities
medium Nessus Plugin ID 51138
Language:
Synopsis
The remote web server is affected by multiple vulnerabilities.Description
According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.9. It is, therefore, affected by multiple vulnerabilities :- An unspecified file disclosure vulnerability exists in the WebDAV component. (CVE-2010-3512)
- An HTTP response splitting vulnerability exists in the web container component due to a failure to sanitize HTTP response headers of CR / LF characters. (CVE-2010-3514)
- A cross-site request forgery vulnerability exists in the management console that can allow an attacker to stop an arbitrary server instance. (CVE-2010-3544)
- An unspecified flaw exists in the administration component that allows a remote attacker to impact confidentiality and integrity via unknown vectors.
(CVE-2010-3545)
Solution
Upgrade to Oracle iPlanet Web Server 7.0.9 or later.See Also
Plugin Details
Severity: Medium
ID: 51138
File Name: sun_java_web_server_7_0_9.nasl
Version: 1.20
Type: remote
Family: Web Servers
Published: 12/13/2010
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.2
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: cpe:/a:oracle:iplanet_web_server
Required KB Items: installed_sw/Oracle iPlanet Web Server/
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/12/2010
Vulnerability Publication Date: 10/12/2010
Reference Information
CVE: CVE-2010-3512, CVE-2010-3514, CVE-2010-3544, CVE-2010-3545