IBM HTTP Server for z/OS 5.3.0 Command Execution

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote web server may be affected by a command execution
vulnerability.

Description :

According to its banner, the IBM HTTP Server on the remote host
is version 5.3.0. It is, therefore, potentially affected
by an unspecified command execution vulnerability. This issue only
affects IBM HTTP Server for z/OS.

Note that Nessus did not actually test for this issue, but instead
has relied on the version in the server's banner.

Further note that Nessus has not attempted to determine if the 'PTF
UK90469' patch or a later patch has been applied. If a patch has
already been applied, consider this a false positive.

See also :

http://www-01.ibm.com/support/docview.wss?&uid=swg21620945

Solution :

Apply PTF UK90469 or later, which includes APAR PM79239.

Note that if the recommended patch or a subsequent patch has been
installed, this can be considered a false positive and no action is
required.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 66760

Bugtraq ID: 57010

CVE ID: CVE-2012-5955