IBM HTTP Server 6.0 <= 6.0.2.43 (FP43) / 6.1 <= 6.1.0.47 (FP47) / 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.11 (FP11) / 8.5 < 8.5.5.7 (FP7) Named Pipe DoS

medium Nessus Plugin ID 86019

Synopsis

The remote IBM HTTP Server is affected by a denial of service vulnerability.

Description

The IBM HTTP Server running on the remote host is version 6.0 prior to or equal to 6.0.2.43, 6.1 prior to or equal to 6.1.0.47, 7.0 prior to 7.0.0.39, 8.0 prior to 8.0.0.11, or 8.5 prior to 8.5.5.7. It is, therefore, affected by a denial of service vulnerability in the bundled Apache Portable Runtime (APR) library. The flaw is triggered when an APR application uses APR named pipe support on Windows. A local attacker can exploit this to conduct a pipe squatting attack from a local process, creating the named pipe before the server does so that the server's own use of the pipe fails. Note that this plugin relies only on the version reported by the server; it cannot tell whether the host is running Windows or whether an Interim Fix has been applied, which is why it only runs when paranoid mode is enabled.
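The affected ranges above mix inclusive bounds (the 6.0 and 6.1 branches are affected up to and including their last Fix Pack, which is why those branches need an Interim Fix on top) with exclusive ones (7.0, 8.0 and 8.5 are fixed at the named Fix Pack). The following is an added example, not code from the Nessus plugin, that encodes those ranges for an offline inventory check. It assumes version strings are dotted integers as IBM HTTP Server reports them (e.g. "8.5.5.6"); like the plugin, it works from the version alone and cannot see whether Interim Fix PI39833 is installed.

```python
"""Version-range check for Nessus plugin 86019 / CVE-2015-1829.

Added example (not the Nessus plugin's own code). Encodes the affected
ranges stated in the plugin description:
  6.0 <= 6.0.2.43, 6.1 <= 6.1.0.47 (inclusive: no Fix Pack resolves these)
  7.0 <  7.0.0.39, 8.0 <  8.0.0.11, 8.5 < 8.5.5.7 (exclusive: fixed at bound)
"""
from typing import Optional, Tuple

# (branch prefix, bound, inclusive?, remediation text)
# Assumption: versions are dotted integers; a short version such as "8.5.5"
# compares as if padded with zeros (tuple comparison does this for us).
AFFECTED = [
    ((6, 0), (6, 0, 2, 43), True,  "apply 6.0 Fix Pack 43 (6.0.2.43), then Interim Fix PI39833"),
    ((6, 1), (6, 1, 0, 47), True,  "apply 6.1 Fix Pack 47 (6.1.0.47), then Interim Fix PI39833"),
    ((7, 0), (7, 0, 0, 39), False, "apply 7.0 Fix Pack 39 (7.0.0.39) or later"),
    ((8, 0), (8, 0, 0, 11), False, "apply 8.0 Fix Pack 11 (8.0.0.11) or later"),
    ((8, 5), (8, 5, 5, 7),  False, "apply 8.5 Fix Pack 7 (8.5.5.7) or later"),
]


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '8.5.5.6' into (8, 5, 5, 6); anything non-numeric is rejected
    rather than silently mis-compared."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> Optional[bool]:
    """True if the version falls in an affected range, False if it is at or
    past the fix, None if the branch is not one the plugin covers."""
    v = parse_version(version)
    for branch, bound, inclusive, _ in AFFECTED:
        if v[:2] == branch:
            return v <= bound if inclusive else v < bound
    return None


def remediation(version: str) -> Optional[str]:
    """Remediation text for an affected version, None otherwise."""
    v = parse_version(version)
    for branch, bound, inclusive, text in AFFECTED:
        if v[:2] == branch and (v <= bound if inclusive else v < bound):
            return text
    return None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("ihs-a", "8.5.5.6"), ("ihs-b", "8.5.5.7"),
                      ("ihs-c", "6.0.2.43"), ("ihs-d", "9.0.0.1")]:
        print(host, ver, is_affected(ver), remediation(ver))
```

Because the 6.0 and 6.1 bounds are inclusive, a host at the last Fix Pack of either branch still reports as affected; only confirmation that PI39833 is installed (which the version string cannot show) clears it.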

Solution

Apply IBM HTTP Server 7.0 Fix Pack 39 (7.0.0.39) / 8.0 Fix Pack 11 (8.0.0.11) / 8.5 Fix Pack 7 (8.5.5.7) or later. Alternatively, apply the Interim Fixes as recommended in the vendor advisory.

In the case of the 6.0 branch, apply IBM HTTP Server 6.0 Fix Pack 43 (6.0.2.43) and then apply Interim Fix PI39833.

In the case of the 6.1 branch, apply IBM HTTP Server 6.1 Fix Pack 47 (6.1.0.47) and then apply Interim Fix PI39833.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21959081

Plugin Details

Severity: Medium

ID: 86019

File Name: websphere_cve-2015-1829.nasl

Version: 1.3

Type: remote

Family: Web Servers

Published: 9/18/2015

Updated: 8/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server, cpe:/a:ibm:http_server

Required KB Items: Settings/ParanoidReport, www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2015

Vulnerability Publication Date: 4/29/2015

Reference Information

CVE: CVE-2015-1829

BID: 75164