Subject:
From:
Reply To: Johnson, Tracy
Date: Mon, 12 Aug 2002 09:05:47 -0400
Content-Type: text/plain
I read the following today regarding HP-UX.
Is MPE/iX also vulnerable?
Tracy Johnson
MSI Schaevitz Sensors
[FOR PUBLIC RELEASE]
-----BEGIN PGP SIGNED MESSAGE-----
__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
             ___  __ __    _     ___
            /       |     /_\   /
            \___  __|__  /   \  \___
__________________________________________________________
INFORMATION BULLETIN
HP Apache Server Vulnerability in PHP
[HPSBUX0208-207]
August 9, 2002 19:00 GMT Number M-108
______________________________________________________________________________
PROBLEM: The potential exists for a remotely exploitable vulnerability
in the portion of PHP code responsible for handling file
uploads, specifically multipart/form-data.
PLATFORM: HP9000 Servers running HP-UX release 11.00, 11.11, 11.20, and
11.22 with the HP Apache product installed.
DAMAGE: Potential for increased privilege, denial of service, or
execution of arbitrary code.
SOLUTION: Install product bundles as described below.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: The risk is HIGH. Exploiting this vulnerability could lead to
an increase of privileges, denial of service, or execution of
arbitrary code. It is remotely exploitable.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/m-108.shtml
ORIGINAL BULLETIN: http://online.securityfocus.com/advisories/4362
______________________________________________________________________________
[***** Start HPSBUX0208-207 *****]
http://www.ciac.org/ciac/bulletins/m-108.shtml
[***** End HPSBUX0208-207 *****]
-----BEGIN PGP SIGNATURE-----
[PGP signature snipped. What? You don't trust or believe it's from
the govern-meant?]
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *