IBM HTTP Server for z/OS 5.3.0 Command Execution

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server may be affected by a command execution

Description :

According to its banner, the version of IBM HTTP Server on the
remote host is version 5.3.0. It is, therefore, potentially affected
by an unspecified command execution vulnerability. This issue only
affects IBM HTTP Server for z/OS.

Note that Nessus did not actually test for this issue, but instead
has relied on the version in the server's banner.

Further note that Nessus has not attempted to determine if the 'PTF
UK90469' patch or a later patch has been applied. If a patch has
already been applied, consider this a false positive.

See also :

Solution :

Apply PTF UK90469 or later which includes APAR PM79239.

Note that if the recommended patch or a subsequent patch has been
installed, this can be considered a false positive and no action is

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 66760 ()

Bugtraq ID: 57010

CVE ID: CVE-2012-5955

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial