HP-UX PHSS_28098 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)

high Nessus Plugin ID 17490

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.04 Virtualvault 4.5 OWS update :

Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server.
(CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled.
(CERT VU#91071, CVE CAN-2002-1156).

Solution

Install patch PHSS_28098 or subsequent.

See Also

http://www.nessus.org/u?4d769217

Plugin Details

Severity: High

ID: 17490

File Name: hpux_PHSS_28098.nasl

Version: 1.17

Type: local

Published: 3/18/2005

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Patch Publication Date: 2/13/2003

Vulnerability Publication Date: 10/11/2002

Reference Information

CVE: CVE-2002-0839, CVE-2002-0840, CVE-2002-0843, CVE-2002-1156

CERT: 240329, 825353, 858881, 91071

HP: HPSBUX00224, SSRT2393, emr_na-c00944288