Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP-UX Running Apache, Remote Execution of Arbitrary Code
Informations
Name HPSBUX02308 SSRT080010 First vendor Publication 2008-01-30
Vendor HP Last vendor Modification 2008-01-30
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Potential security vulnerabilities has been identified with HP-UX Apache. These vulnerabilities could be exploited remotely to execute arbitrary code.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-189 Numeric Errors (CWE/SANS Top 25)
25 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5767
 
Oval ID: oval:org.mitre.oval:def:5767
Title: HP-UX Running Apache, Remote Execution of Arbitrary Code
Description: The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4887
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6056
 
Oval ID: oval:org.mitre.oval:def:6056
Title: HP-UX Running Apache, Remote Execution of Arbitrary Code
Description: The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3378
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9424
 
Oval ID: oval:org.mitre.oval:def:9424
Title: Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Description: Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2872
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9539
 
Oval ID: oval:org.mitre.oval:def:9539
Title: Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Description: Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5000
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 171
Application 1
Application 298
Os 4
Os 2
Os 2
Os 1
Os 2

OpenVAS Exploits

Date Description
2012-06-21 Name : PHP version smaller than 5.2.5
File : nvt/nopsec_php_5_2_5.nasl
2012-06-21 Name : PHP version smaller than 5.2.4
File : nvt/nopsec_php_5_2_4.nasl
2012-06-21 Name : PHP version smaller than 5.2.3
File : nvt/nopsec_php_5_2_3.nasl
2012-06-21 Name : PHP version smaller than 4.4.8
File : nvt/nopsec_php_4_4_8.nasl
2010-05-12 Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003
File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : Solaris Update for Apache 1.3 122911-17
File : nvt/gb_solaris_122911_17.nasl
2009-10-13 Name : Solaris Update for Apache 1.3 122912-17
File : nvt/gb_solaris_122912_17.nasl
2009-10-10 Name : SLES9: Security update for Apache
File : nvt/sles9p5023075.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5012110.nasl
2009-10-10 Name : SLES9: Security update for PHP4
File : nvt/sles9p5015662.nasl
2009-10-10 Name : SLES9: Security update for Apache 2
File : nvt/sles9p5023052.nasl
2009-09-23 Name : Solaris Update for Apache 1.3 122912-16
File : nvt/gb_solaris_122912_16.nasl
2009-09-23 Name : Solaris Update for Apache 1.3 122911-16
File : nvt/gb_solaris_122911_16.nasl
2009-06-03 Name : Solaris Update for Apache 1.3 122912-15
File : nvt/gb_solaris_122912_15.nasl
2009-06-03 Name : Solaris Update for Apache 116973-07
File : nvt/gb_solaris_116973_07.nasl
2009-06-03 Name : Solaris Update for Apache 1.3 122911-15
File : nvt/gb_solaris_122911_15.nasl
2009-06-03 Name : Solaris Update for Apache 2 120544-14
File : nvt/gb_solaris_120544_14.nasl
2009-06-03 Name : Solaris Update for Apache 2 120543-14
File : nvt/gb_solaris_120543_14.nasl
2009-06-03 Name : Solaris Update for Apache 116974-07
File : nvt/gb_solaris_116974_07.nasl
2009-06-03 Name : Solaris Update for Apache Security 114145-11
File : nvt/gb_solaris_114145_11.nasl
2009-06-03 Name : Solaris Update for Apache Security 113146-12
File : nvt/gb_solaris_113146_12.nasl
2009-05-05 Name : HP-UX Update for Apache With PHP HPSBUX02332
File : nvt/gb_hp_ux_HPSBUX02332.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX02308
File : nvt/gb_hp_ux_HPSBUX02308.nasl
2009-05-05 Name : HP-UX Update for Apache HPSBUX02262
File : nvt/gb_hp_ux_HPSBUX02262.nasl
2009-04-09 Name : Mandriva Update for apache MDVSA-2008:016 (apache)
File : nvt/gb_mandriva_MDVSA_2008_016.nasl
2009-04-09 Name : Mandriva Update for php MDKSA-2007:187 (php)
File : nvt/gb_mandriva_MDKSA_2007_187.nasl
2009-03-23 Name : Ubuntu Update for apache2 vulnerabilities USN-575-1
File : nvt/gb_ubuntu_USN_575_1.nasl
2009-03-23 Name : Ubuntu Update for php5 regression USN-549-2
File : nvt/gb_ubuntu_USN_549_2.nasl
2009-03-23 Name : Ubuntu Update for php5 vulnerabilities USN-549-1
File : nvt/gb_ubuntu_USN_549_1.nasl
2009-03-06 Name : RedHat Update for httpd RHSA-2008:0006-01
File : nvt/gb_RHSA-2008_0006-01_httpd.nasl
2009-03-06 Name : RedHat Update for apache RHSA-2008:0004-01
File : nvt/gb_RHSA-2008_0004-01_apache.nasl
2009-03-06 Name : RedHat Update for httpd RHSA-2008:0005-01
File : nvt/gb_RHSA-2008_0005-01_httpd.nasl
2009-03-06 Name : RedHat Update for httpd RHSA-2008:0008-01
File : nvt/gb_RHSA-2008_0008-01_httpd.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-2215
File : nvt/gb_fedora_2007_2215_php_fc7.nasl
2009-02-27 Name : CentOS Update for httpd CESA-2008:0006 centos4 x86_64
File : nvt/gb_CESA-2008_0006_httpd_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for httpd CESA-2008:0006 centos4 i386
File : nvt/gb_CESA-2008_0006_httpd_centos4_i386.nasl
2009-02-27 Name : Fedora Update for php FEDORA-2007-709
File : nvt/gb_fedora_2007_709_php_fc6.nasl
2009-02-27 Name : CentOS Update for httpd CESA-2008:0005 centos3 i386
File : nvt/gb_CESA-2008_0005_httpd_centos3_i386.nasl
2009-02-27 Name : CentOS Update for apache CESA-2008:0004-01 centos2 i386
File : nvt/gb_CESA-2008_0004-01_apache_centos2_i386.nasl
2009-02-27 Name : CentOS Update for httpd CESA-2008:0005 centos3 x86_64
File : nvt/gb_CESA-2008_0005_httpd_centos3_x86_64.nasl
2009-02-16 Name : Fedora Update for httpd FEDORA-2008-1695
File : nvt/gb_fedora_2008_1695_httpd_fc8.nasl
2009-02-16 Name : Fedora Update for httpd FEDORA-2008-1711
File : nvt/gb_fedora_2008_1711_httpd_fc7.nasl
2009-01-23 Name : SuSE Update for php4, php5 SUSE-SA:2008:004
File : nvt/gb_suse_2008_004.nasl
2009-01-23 Name : SuSE Update for apache2,apache SUSE-SA:2008:021
File : nvt/gb_suse_2008_021.nasl
2008-12-02 Name : HP OpenView Network Node Manager XSS Vulnerability
File : nvt/secpod_hp_openview_nnm_xss_vuln_900403.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200710-02 (php)
File : nvt/glsa_200710_02.nasl
2008-09-04 Name : FreeBSD Ports: php5
File : nvt/freebsd_php51.nasl
2008-09-04 Name : FreeBSD Ports: php5
File : nvt/freebsd_php50.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-152-01 php5
File : nvt/esoft_slk_ssa_2007_152_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-210-02 httpd
File : nvt/esoft_slk_ssa_2008_210_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-045-03 php
File : nvt/esoft_slk_ssa_2008_045_03.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-045-02 apache
File : nvt/esoft_slk_ssa_2008_045_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-045-01 httpd
File : nvt/esoft_slk_ssa_2008_045_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-314-01 php
File : nvt/esoft_slk_ssa_2007_314_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
39134 Apache mod_imagemap Module Imagemap Unspecified XSS

39133 Apache mod_imap Module Imagemap File Unspecified XSS

38684 PHP dl() MAXPATHLEN Argument Size Handling Weakness

36869 PHP Multiple Function .htaccess php_value Directive Arbitrary Command Execution

36083 PHP chunk_split Function Multiple Argument Overflows

Snort® IPS/IDS

Date Description
2014-01-10 Apache mod_imagemap cross site scripting attempt
RuleID : 13302 - Revision : 12 - Type : SERVER-APACHE

Nessus® Vulnerability Scanner

Date Description
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL8186.nasl - Type : ACT_GATHER_INFO
2013-08-11 Name : The remote web server may be affected by multiple vulnerabilities.
File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0008.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0006.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070926_php_on_SL3.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070920_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080115_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12049.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12124.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12125.nasl - Type : ACT_GATHER_INFO
2009-06-15 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38147.nasl - Type : ACT_GATHER_INFO
2009-06-15 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38148.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-016.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38761.nasl - Type : ACT_GATHER_INFO
2008-07-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-210-02.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO
2008-04-04 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-5126.nasl - Type : ACT_GATHER_INFO
2008-04-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-5128.nasl - Type : ACT_GATHER_INFO
2008-04-04 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-5125.nasl - Type : ACT_GATHER_INFO
2008-04-04 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-5127.nasl - Type : ACT_GATHER_INFO
2008-03-19 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-03-07 Name : The remote web server may be affected by several issues.
File : apache_1_3_41.nasl - Type : ACT_GATHER_INFO
2008-03-07 Name : The remote web server is affected by multiple cross-site scripting vulnerabil...
File : apache_2_0_63.nasl - Type : ACT_GATHER_INFO
2008-02-20 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_2_8.nasl - Type : ACT_GATHER_INFO
2008-02-18 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-045-02.nasl - Type : ACT_GATHER_INFO
2008-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1695.nasl - Type : ACT_GATHER_INFO
2008-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2008-1711.nasl - Type : ACT_GATHER_INFO
2008-02-18 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-045-01.nasl - Type : ACT_GATHER_INFO
2008-02-18 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-045-03.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-575-1.nasl - Type : ACT_GATHER_INFO
2008-01-27 Name : The remote openSUSE host is missing a security update.
File : suse_apache2-mod_php5-4909.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0004.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO
2008-01-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2008-01-03 Name : The remote web server uses a version of PHP that is affected by multiple issues.
File : php_4_4_8.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_php5-3754.nasl - Type : ACT_GATHER_INFO
2007-12-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-549-2.nasl - Type : ACT_GATHER_INFO
2007-11-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-549-1.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_392b5b1d947111dc9db7001c2514716c.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-314-01.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_5.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2215.nasl - Type : ACT_GATHER_INFO
2007-10-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0888.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_php5-3745.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_php5-3753.nasl - Type : ACT_GATHER_INFO
2007-10-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200710-02.nasl - Type : ACT_GATHER_INFO
2007-10-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2007-09-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0889.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-709.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-187.nasl - Type : ACT_GATHER_INFO
2007-09-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0890.nasl - Type : ACT_GATHER_INFO
2007-09-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_71d903fc602d11dc898c001921ab2fa4.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_4.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-152-01.nasl - Type : ACT_GATHER_INFO
2007-06-02 Name : The remote web server uses a version of PHP that is affected by multiple flaws.
File : php_5_2_3.nasl - Type : ACT_GATHER_INFO