IBM HTTP Server on Windows Apache Portable Runtime (APR) Named Pipe DoS

Low Nessus Plugin ID 84290


The remote web server may be affected by a denial of service vulnerability.


According to its banner, the version of IBM HTTP Server running on the remote host is potentially affected by a denial of service vulnerability due to an error related to the included Apache Portable Runtime (APR) and named pipe handling. A local attacker, using a 'named pipe squatting attack' from a local process, can exploit this to cause a denial of service. This issue only affects IBM HTTP Server on Windows.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Also note that Nessus has not attempted to determine if the 'PI39833' interim fix or a later patch has been applied. If a patch has already been applied, consider this a false positive.


Upgrade to,,,, or Then apply Interim Fix PI39833.

Note that the fix is scheduled to be included in the following versions :


See Also

Plugin Details

Severity: Low

ID: 84290

File Name: ibm_http_server_PI39833.nasl

Version: $Revision: 1.6 $

Type: remote

Family: Web Servers

Published: 2015/06/19

Modified: 2016/05/16

Dependencies: 10107, 11936

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:http_server

Required KB Items: www/ibm-http, Settings/ParanoidReport, Host/OS

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/06/10

Vulnerability Publication Date: 2015/04/29

Reference Information

CVE: CVE-2015-1829

BID: 75164

OSVDB: 121515