HP-UX PHSS_34203 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)

medium Nessus Plugin ID 21112

Synopsis

The remote HP-UX host is missing a security-related patch.

Description

s700_800 11.04 Webproxy 2.1 (Apache 1.x) update :

A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access.
References: Apache HTTP Server version 1.3.34 announcement.

Solution

Install patch PHSS_34203 or subsequent.

See Also

http://www.nessus.org/u?e43753d4

Plugin Details

Severity: Medium

ID: 21112

File Name: hpux_PHSS_34203.nasl

Version: 1.15

Type: local

Published: 3/21/2006

Updated: 1/11/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:hp:hp-ux

Required KB Items: Host/local_checks_enabled, Host/HP-UX/version, Host/HP-UX/swlist

Exploit Ease: No known exploits are available

Patch Publication Date: 3/15/2006

Vulnerability Publication Date: 6/6/2005

Reference Information

CVE: CVE-2005-2088

BID: 14106

HP: HPSBUX02101, SSRT051128, emr_na-c00612828