IBM HTTP Server on Windows Apache Portable Runtime (APR) Named Pipe DoS
Low Nessus Plugin ID 84290
SynopsisThe remote web server may be affected by a denial of service vulnerability.
DescriptionAccording to its banner, the version of IBM HTTP Server running on the remote host is potentially affected by a denial of service vulnerability due to an error related to the included Apache Portable Runtime (APR) and named pipe handling. A local attacker, using a 'named pipe squatting attack' from a local process, can exploit this to cause a denial of service. This issue only affects IBM HTTP Server on Windows.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Also note that Nessus has not attempted to determine if the 'PI39833' interim fix or a later patch has been applied. If a patch has already been applied, consider this a false positive.
SolutionUpgrade to 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, or 220.127.116.11. Then apply Interim Fix PI39833.
Note that the fix is scheduled to be included in the following versions :