ID CVE-2012-5955
Summary Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS allows remote attackers to execute arbitrary commands via unknown vectors.
References
Vulnerable Configurations
  • IBM HTTP Server 5.3
    cpe:2.3:a:ibm:http_server:5.3
  • IBM WebSphere Application Server (WAS) for z/OS
    cpe:2.3:a:ibm:websphere_application_server:-:-:-:-:-:z%2fos
CVSS
Base: 10.0 (as of 20-12-2012 - 10:24)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Web Servers
NASL id IBM_ZOS_HTTPD_5_3_0.NASL
description According to its banner, the version of IBM HTTP Server on the remote host is version 5.3.0. It is, therefore, potentially affected by an unspecified command execution vulnerability. This issue only affects IBM HTTP Server for z/OS. Note that Nessus did not actually test for this issue, but instead has relied on the version in the server's banner. Further note that Nessus has not attempted to determine if the 'PTF UK90469' patch or a later patch has been applied. If a patch has already been applied, consider this a false positive.
last seen 2019-01-16
modified 2018-07-12
plugin id 66760
published 2013-06-03
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=66760
title IBM HTTP Server for z/OS 5.3.0 Command Execution
refmap via4
confirm http://www-01.ibm.com/support/docview.wss?&uid=swg21620945
xf ibmhttp-zos-command-execution(80684)
Last major update 28-12-2012 - 00:00
Published 20-12-2012 - 07:02
Last modified 28-08-2017 - 21:32
Back to Top