Rapid7 Vulnerability & Exploit Database

Netscape/Sun iPlanet NSS SSLv2 client key buffer overflow

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 02/26/2007
Created: 07/25/2018
Added: 08/03/2007
Modified: 02/13/2015

Description

Sun iPlanet/Java Web Server is vulnerable to a buffer overflow in its SSLv2 processing (used for HTTPS). The Network Security Services (NSS) library contains an integer underflow error in the parsing of SSL public keys. The result of this integer underflow is a heap-based buffer overflow with the potential to execute arbitrary code on the server.

Solution(s)

  • iplanet-41-upgrade-sp11
  • iplanet-60-upgrade-sp3

