IBM HTTP Server for z/OS 5.3.0 Command Execution

Critical | Nessus Plugin ID 66760

Synopsis

The remote web server may be affected by a command execution vulnerability.

Description

According to its banner, the IBM HTTP Server on the remote host is version 5.3.0. It is, therefore, potentially affected by an unspecified command execution vulnerability. This issue affects only IBM HTTP Server for z/OS.

Note that Nessus did not actually test for this issue; it relied only on the version in the server's banner.

Further note that Nessus has not attempted to determine if the 'PTF UK90469' patch or a later patch has been applied. If a patch has already been applied, consider this a false positive.

Solution

Apply PTF UK90469 or later, which includes APAR PM79239.

Note that if the recommended patch or a subsequent patch has been installed, this can be considered a false positive and no action is required.

See Also

http://www-01.ibm.com/support/docview.wss?&uid=swg21620945

Plugin Details

Severity: Critical

ID: 66760

File Name: ibm_zos_httpd_5_3_0.nasl

Version: 1.5

Type: remote

Family: Web Servers

Published: 6/3/2013

Updated: 8/5/2020

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-5955

Vulnerability Information

CPE: cpe:/a:ibm:http_server

Required KB Items: Settings/ParanoidReport, www/ibm-http

Exploit Ease: No known exploits are available

Patch Publication Date: 12/19/2012

Vulnerability Publication Date: 12/19/2012

Reference Information

CVE: CVE-2012-5955

BID: 57010

IAVA: 2013-A-0020-S