ID CVE-2012-1738
Summary Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availability via unknown vectors related to Web Server.
References
Vulnerable Configurations
  • Oracle Sun Products Suite Java System Web Server 6.1
    cpe:2.3:a:oracle:sun_products_suite_java_system_web_server:6.1
  • Oracle iPlanet Web Server 7.0
    cpe:2.3:a:oracle:iplanet_web_server:7.0
CVSS
Base: 5.0 (as of 18-07-2012 - 10:23)
Impact:
Exploitability:
Access
  Vector   Complexity  Authentication
  NETWORK  LOW         NONE
Impact
  Confidentiality  Integrity  Availability
  NONE             NONE       PARTIAL
nessus via4
NASL family Web Servers
NASL id SUN_JAVA_WEB_SERVER_7_0_15.NASL
description According to its self-reported version, the Oracle iPlanet Web Server (formerly Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.15. It is, therefore, affected by the following vulnerabilities:
  - Multiple cross-site scripting vulnerabilities exist due to parameter validation errors that occur when input is submitted to admingui scripts 'cchelp2/Masthead.jsp', 'version/Masthead.jsp', and 'cchelp2/Navigator.jsp'. A remote attacker, using a crafted URL, can exploit these to execute arbitrary script code in the user's browser in the context of the session between the browser and the server. (CVE-2012-0516)
  - An unspecified error exists in the Web Server component that can allow denial of service attacks. (CVE-2012-1738)
Note that Oracle states that bug 12919334 'WS7: RANGE HEADER DOS VULNERABILITY' could not be reproduced.
last seen 2019-01-16
modified 2018-11-15
plugin id 59736
published 2012-06-27
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=59736
title Oracle iPlanet Web Server 7.0.x < 7.0.15 Multiple Vulnerabilities
refmap via4
bid 54515
confirm http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
mandriva MDVSA-2013:150
osvdb 83974
sectrack 1027276
xf iplanetwebserver-webserver-dos(77058)
Last major update 10-10-2013 - 23:42
Published 17-07-2012 - 18:55
Last modified 28-08-2017 - 21:31