This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote IBM HTTP Server is affected by multiple vulnerabilities.
The IBM HTTP Server running on the remote host is version 6.0 prior to
or equal to 126.96.36.199, 6.1 prior to or equal to 188.8.131.52, 7.0 prior to
184.108.40.206, 8.0 prior to 220.127.116.11, or 8.5 prior to 18.104.22.168. It is,
therefore, affected by a flaw in the Apache Portable Runtime (APR)
that is triggered when an APR application is using APR named pipe
support on Windows. A local attacker can exploit this to conduct a
pipe squatting attack from a local process.
See also :
Apply IBM 7.0 Fix Pack 39 (22.214.171.124) / 8.0 Fix Pack 11 (126.96.36.199) /
8.5 Fix Pack 7 (188.8.131.52) or later. Alternatively, apply the Interim
Fixes as recommended in the vendor advisory.
In the case of the 6.0 branch, apply IBM 6.0 Fix Pack 43 (184.108.40.206)
and then apply Interim Fix PI39833.
In the case of the 6.1 branch, apply IBM 6.1 Fix Pack 47 (220.127.116.11)
and then apply Interim Fixes PI39833.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false