HP-UX PHSS_28090 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)

High Nessus Plugin ID 17118


The remote HP-UX host is missing a security-related patch.


s700_800 11.04 Virtualvault 4.6 IWS update. :

Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. (CERT VU#825353, CVE CAN-2002-0839) Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. (CERT VU#240329, CVE CAN-2002-0840) Potential overflows in ab.c which could be exploited by a malicious server.
(CERT VU#858881, CVE CAN-2002-0843) Exposure of CGI source when a POST request is sent to a location where both DAV and CGI are enabled.
(CERT VU#91071, CVE CAN-2002-1156).


Install patch PHSS_28090 or subsequent.

See Also


Plugin Details

Severity: High

ID: 17118

File Name: hpux_PHSS_28090.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2005/02/16

Modified: 2013/04/20

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Patch Publication Date: 2003/02/07

Reference Information

CVE: CVE-2002-0839, CVE-2002-0840, CVE-2002-0843, CVE-2002-1156

CERT: 240329, 825353, 858881, 91071

HP: emr_na-c00944288, HPSBUX00224, SSRT2393