Oracle iPlanet Web Server 7.0.x < 7.0.

27 NSS Unspecified
Vulnerability
Finding Date: Wednesday, January 30, 2019

Risk Level : High

CVE Reference :
• CVE-2015-7501
• CVE-2015-7940
• CVE-2016-0635
• CVE-2016-1182
• CVE-2016-2107

Affected System:
• 10.235.8.51
• 10.235.8.52

Finding Description:
Description According to its self-reported version, the Oracle iPlanet Web Server (formerly known
as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch
26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services
(NSS) library with unknown impact.

Security Risk:
The remote web server is affected by an unspecified vulnerability

Recommendation:
Upgrade to Oracle iPlanet Web Server version 7.0.27 or later as referenced in the January 2018
Oracle Critical Patch Update advisory.

Plugin Details
Severity: High
ID: 106349
Version: 1.6
Type: remote
Family: Web Servers
Published: January 25, 2018
Modified: August 3, 2018

Risk Information
Risk Factor: High
CVSS Base Score: 7.5
CVSS Temporal Score: 6.2
CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information
CPE: cpe:/a:oracle:iplanet_web_server cpe:/a:mozilla:network_security_services
Exploit Available: true
Exploit Ease: Exploits are available
Patch Pub Date: January 17, 2017
Vulnerability Pub Date: January 17, 2017