Summary
| Detail | |||
|---|---|---|---|
| Vendor | Hp | First view | 1997-11-04 |
| Product | Vvos | Last view | 2004-12-31 |
| Version | Type | Os | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2004-12-31 | CVE-2004-1332 | Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request. |
| 10 | 2004-08-06 | CVE-2004-0492 | Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. |
| 4.6 | 2003-04-11 | CVE-2002-1439 | Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files. |
| 7.5 | 2003-04-11 | CVE-2002-1408 | Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name. |
| 5 | 2002-12-31 | CVE-2002-1793 | HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service. |
| 10 | 2001-07-19 | CVE-2001-1264 | Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. |
| 5 | 2001-07-07 | CVE-2001-1244 | Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process. |
| 5 | 2000-12-19 | CVE-2000-0965 | The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization). |
| 4.6 | 2000-05-04 | CVE-2000-0414 | Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables. |
| 5 | 2000-04-06 | CVE-2000-0251 | HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. |
| 10 | 2000-01-18 | CVE-1999-0992 | HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP). |
| 7.5 | 1998-11-16 | CVE-1999-0057 | Vacation program allows command execution by remote users through a sendmail command. |
| 7.2 | 1998-01-21 | CVE-1999-0014 | Unauthorized privileged access or denial of service via dtappgather program in CDE. |
| 7.2 | 1997-11-04 | CVE-1999-0306 | buffer overflow in HP xlock program. |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:5931 | The vacation program erroneously passes parameters to sendmail. |
| oval:org.mitre.oval:def:5576 | shutdown(1M) improperly handles input variables. |
| oval:org.mitre.oval:def:5735 | The NSAPI plugin versions of the TGA and the Java Servlet proxy demonstrate h... |
| oval:org.mitre.oval:def:4863 | Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow |
| oval:org.mitre.oval:def:100112 | Apache mod_proxy Content-Length Header Buffer Overflow |
| oval:org.mitre.oval:def:5701 | HP-UX ftpd, Remote Privileged Access |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 37557 | HP-UX VVOS HTTP Server mod_ssl Module SSL Request Timeout DoS |
| 12553 | HP-UX FTP Server Debug Logging Remote Overflow |
| 11648 | CDE dtappgather Symlink Privilege Escalation |
| 11343 | HP OpenView EMANATE snmpModules Information Disclosure |
| 11074 | HP VirtualVault Trusted Gateway Proxy Process Restriction Bypass |
| 10385 | Multiple TCP Implementation Mismatched MSS DoS |
| 9637 | HP-UX VVOS TGA Daemon Stack Corruption System File Access |
| 9627 | HP-UX VVOS mkacct Unspecified Privilege Escalation |
| 6839 | Apache HTTP Server mod_proxy Content-Length Overflow |
| 5834 | NSAPI TGA and Java Servlet Plugins DoS |
| 1324 | HP-UX shutdown Input Variable Mishandling Local Privilege Escalation |
| 1274 | HP VirtualVault Aliased IP Addresses Unprivileged Process Data Interception |
| 1108 | Multiple Vendor vacation Arbitrary Command Execution |
| 941 | Multiple Vendor xlock Local Overflow |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-06-03 | Name : Solaris Update for Apache Security 113146-12 File : nvt/gb_solaris_113146_12.nasl |
| 2009-06-03 | Name : Solaris Update for Apache Security 114145-11 File : nvt/gb_solaris_114145_11.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 116973-07 File : nvt/gb_solaris_116973_07.nasl |
| 2009-06-03 | Name : Solaris Update for Apache 116974-07 File : nvt/gb_solaris_116974_07.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-16 (Apache) File : nvt/glsa_200406_16.nasl |
| 2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 525-1 (apache) File : nvt/deb_525_1.nasl |
| 2005-11-03 | Name : Apache mod_proxy content-length buffer overflow File : nvt/apache_mod_proxy_buff_overflow.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php File : nvt/esoft_slk_ssa_2004_299_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-305-01 apache+mod_ssl File : nvt/esoft_slk_ssa_2004_305_01.nasl |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | server negative Content-Length attempt RuleID : 2580-community - Type : SERVER-WEBAPP - Revision : 11 |
| 2014-01-10 | server negative Content-Length attempt RuleID : 2580 - Type : SERVER-WEBAPP - Revision : 11 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ca6c8f350a5f11d9ad6f00061bc2ad93.nasl - Type: ACT_GATHER_INFO |
| 2005-07-13 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2004-299-01.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_31034.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_16295.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_23949.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_23950.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_24395.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_29460.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_29461.nasl - Type: ACT_GATHER_INFO |
| 2005-02-16 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHNE_29462.nasl - Type: ACT_GATHER_INFO |
| 2004-12-02 | Name: The remote host is missing a Mac OS X update that fixes a security issue. File: macosx_SecUpd20041202.nasl - Type: ACT_GATHER_INFO |
| 2004-10-25 | Name: The remote web server is affected by a heap-based buffer overflow vulnerability. File: apache_mod_proxy_buff_overflow.nasl - Type: ACT_GATHER_INFO |
| 2004-10-17 | Name: The remote host is missing Sun Security Patch number 116973-07 File: solaris8_116973.nasl - Type: ACT_GATHER_INFO |
| 2004-10-17 | Name: The remote host is missing Sun Security Patch number 116974-07 File: solaris8_x86_116974.nasl - Type: ACT_GATHER_INFO |
| 2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-525.nasl - Type: ACT_GATHER_INFO |
| 2004-08-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200406-16.nasl - Type: ACT_GATHER_INFO |
| 2004-07-31 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2004-065.nasl - Type: ACT_GATHER_INFO |
| 2004-07-12 | Name: The remote host is missing Sun Security Patch number 113146-13 File: solaris9_113146.nasl - Type: ACT_GATHER_INFO |
| 2004-07-12 | Name: The remote host is missing Sun Security Patch number 114145-12 File: solaris9_x86_114145.nasl - Type: ACT_GATHER_INFO |
| 2004-07-06 | Name: The remote host is using an unsupported version of Mac OS X. File: macosx_version.nasl - Type: ACT_GATHER_INFO |
| 2004-07-06 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2004-245.nasl - Type: ACT_GATHER_INFO |
