IBM HTTP Server for z/OS 5.3.0 Command Execution

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server may be affected by a command execution

Description :

According to its banner, the version of IBM HTTP Server on the
remote host is version 5.3.0. It is, therefore, potentially affected
by an unspecified command execution vulnerability. This issue only
affects IBM HTTP Server for z/OS.

Note that Nessus did not actually test for this issue, but instead
has relied on the version in the server's banner.

Further note that Nessus has not attempted to determine if the 'PTF
UK90469' patch or a later patch has been applied. If a patch has
already been applied, consider this a false positive.

See also :

Solution :

Apply PTF UK90469 or later which includes APAR PM79239.

Note that if the recommended patch or a subsequent patch has been
installed, this can be considered a false positive and no action is

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 66760 ()

Bugtraq ID: 57010

CVE ID: CVE-2012-5955

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now