IBM HTTP Server on Windows Apache Portable Runtime (APR) Named Pipe DoS

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote web server may be affected by a denial of service

Description :

According to its banner, the version of IBM HTTP Server running on the
remote host is potentially affected by a denial of service
vulnerability due to an error related to the included Apache Portable
Runtime (APR) and named pipe handling. A local attacker, using a
'named pipe squatting attack' from a local process, can exploit this
to cause a denial of service. This issue only affects IBM HTTP Server
on Windows.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

Also note that Nessus has not attempted to determine if the 'PI39833'
interim fix or a later patch has been applied. If a patch has already
been applied, consider this a false positive.

See also :

Solution :

Upgrade to,,,, or Then
apply Interim Fix PI39833.

Note that the fix is scheduled to be included in the following
versions :


Risk factor :

Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.6
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 84290 ()

Bugtraq ID: 75164

CVE ID: CVE-2015-1829

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now