Lucene search
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.HPUX_PHSS_30055.NASLHistoryMar 18, 2005 - 12:00 a.m.
HP-UX PHSS_30055 : s700_800 11.04 Virtualvault 4.7 IWS update
2005-03-1800:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.955
Percentile
99.4%
s700_800 11.04 Virtualvault 4.7 IWS update :
The remote HP-UX host is affected by multiple vulnerabilities :
-
Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.
-
Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were
# extracted from HP patch PHSS_30055. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(17511);
script_version("1.22");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545");
script_bugtraq_id(8911);
script_xref(name:"CERT", value:"104280");
script_xref(name:"CERT", value:"255484");
script_xref(name:"CERT", value:"686224");
script_xref(name:"CERT", value:"732952");
script_xref(name:"CERT", value:"935264");
script_xref(name:"HP", value:"HPSBUX0310");
script_xref(name:"HP", value:"HPSBUX0401");
script_xref(name:"HP", value:"SSRT3622");
script_xref(name:"HP", value:"SSRT4681");
script_name(english:"HP-UX PHSS_30055 : s700_800 11.04 Virtualvault 4.7 IWS update");
script_summary(english:"Checks for the patch in the swlist output");
script_set_attribute(
attribute:"synopsis",
value:"The remote HP-UX host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"s700_800 11.04 Virtualvault 4.7 IWS update :
The remote HP-UX host is affected by multiple vulnerabilities :
- Multiple stack-based buffer overflows in mod_alias and
mod_rewrite modules for Apache versions prior to 1.3.29.
- Potential Apache HTTP server vulnerabilities have been
reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT
VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224
CERT VU#732952 CERT VU#104280
http://www.openssl.org/news/secadv/20030930.txt."
);
# http://www.openssl.org/news/secadv/20030930.txt
script_set_attribute(
attribute:"see_also",
value:"https://www.openssl.org/news/secadv/20030930.txt"
);
script_set_attribute(
attribute:"solution",
value:"Install patch PHSS_30055 or subsequent."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
script_set_attribute(attribute:"patch_publication_date", value:"2003/12/05");
script_set_attribute(attribute:"patch_modification_date", value:"2004/01/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"HP-UX Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("hpux.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
if (!hpux_check_ctx(ctx:"11.04"))
{
exit(0, "The host is not affected since PHSS_30055 applies to a different OS release.");
}
patches = make_list("PHSS_30055", "PHSS_30639", "PHSS_30944", "PHSS_31823", "PHSS_32140", "PHSS_34169", "PHSS_35106", "PHSS_35308", "PHSS_35460", "PHSS_35555");
foreach patch (patches)
{
if (hpux_installed(app:patch))
{
exit(0, "The host is not affected because patch "+patch+" is installed.");
}
}
flag = 0;
if (hpux_check_patch(app:"VaultTS.VV-CORE-CMN", version:"A.04.70")) flag++;
if (hpux_check_patch(app:"VaultTS.VV-IWS", version:"A.04.70")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Related
nessus
nessus
securityvulns
securityvulns
CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
2003-10-03 00:00:00
[Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
2003-09-30 00:00:00
Subject: [OpenPKG-SA-2003.044] OpenPKG Security Advisory (openssl)
2003-09-30 00:00:00
openvas
openvas
HP-UX Update for AAA Server HPSBUX00286
2009-05-05 00:00:00
Debian: Security Advisory (DSA-394)
2008-01-17 00:00:00
HP-UX Update for AAA Server HPSBUX00286
2009-05-05 00:00:00
cert
cert
Multiple vulnerabilities in SSL/TLS implementations
2003-09-30 00:00:00
OpenSSL ASN.1 parser insecure memory deallocation
2003-09-30 00:00:00
OpenSSL contains integer overflow handling ASN.1 tags (2)
2003-09-30 00:00:00
osv
osv
openssl - denial of service
2003-10-01 00:00:00
openssl095 - ASN.1 parsing vulnerability
2003-10-11 00:00:00
suse
suse
remote denial-of-service in openssl
2003-10-01 17:18:32
debian
debian
[SECURITY] [DSA 394-1] New openssl095 packages fix denial of service
2003-10-11 13:54:07
[SECURITY] [DSA 394-1] New openssl095 packages fix denial of service
2003-10-11 13:54:07
[SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues
2003-10-01 00:00:00
redhat
redhat
(RHSA-2003:293) openssl security update
2003-09-30 00:00:00
cisco
cisco
SSL Implementation Vulnerabilities
2003-09-30 23:30:00
redhatcve
redhatcve
CVE-2005-1730
2015-10-30 10:15:31
debiancve
debiancve
cve
cve
nvd
nvd
openssl
openssl
Vulnerability in OpenSSL CVE-2003-0545
2003-09-30 00:00:00
Vulnerability in OpenSSL CVE-2003-0544
2003-09-30 00:00:00
Vulnerability in OpenSSL CVE-2003-0543
2003-09-30 00:00:00
cvelist
cvelist
ubuntucve
ubuntucve
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.955
Percentile
99.4%
Related for HPUX_PHSS_30055.NASL