Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.HPUX_PHSS_30058.NASL
HistoryMar 18, 2005 - 12:00 a.m.

HP-UX PHSS_30058 : s700_800 11.04 Webproxy server 2.1 update

2005-03-1800:00:00
This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

s700_800 11.04 Webproxy server 2.1 update :

The remote HP-UX host is affected by multiple vulnerabilities :

  • Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224 CERT VU#732952 CERT VU#104280 http://www.openssl.org/news/secadv/20030930.txt.

  • Multiple stack-based buffer overflows in mod_alias and mod_rewrite modules for Apache versions prior to 1.3.29.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and patch checks in this plugin were 
# extracted from HP patch PHSS_30058. The text itself is
# copyright (C) Hewlett-Packard Development Company, L.P.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(17514);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2003-0543", "CVE-2003-0544", "CVE-2003-0545");
  script_bugtraq_id(8911);
  script_xref(name:"CERT", value:"104280");
  script_xref(name:"CERT", value:"255484");
  script_xref(name:"CERT", value:"686224");
  script_xref(name:"CERT", value:"732952");
  script_xref(name:"CERT", value:"935264");
  script_xref(name:"HP", value:"HPSBUX0310");
  script_xref(name:"HP", value:"HPSBUX0401");
  script_xref(name:"HP", value:"SSRT3622");
  script_xref(name:"HP", value:"SSRT4681");

  script_name(english:"HP-UX PHSS_30058 : s700_800 11.04 Webproxy server 2.1 update");
  script_summary(english:"Checks for the patch in the swlist output");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote HP-UX host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"s700_800 11.04 Webproxy server 2.1 update : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - Potential Apache HTTP server vulnerabilities have been
    reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT
    VU#935264 CERT VU#255484 CERT VU#255484 CERT VU#686224
    CERT VU#732952 CERT VU#104280
    http://www.openssl.org/news/secadv/20030930.txt.

  - Multiple stack-based buffer overflows in mod_alias and
    mod_rewrite modules for Apache versions prior to 1.3.29."
  );
  # http://www.openssl.org/news/secadv/20030930.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.openssl.org/news/secadv/20030930.txt"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install patch PHSS_30058 or subsequent."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/12/05");
  script_set_attribute(attribute:"patch_modification_date", value:"2004/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"HP-UX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("hpux.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

if (!hpux_check_ctx(ctx:"11.04"))
{
  exit(0, "The host is not affected since PHSS_30058 applies to a different OS release.");
}

patches = make_list("PHSS_30058", "PHSS_30649", "PHSS_30950", "PHSS_31830", "PHSS_32362", "PHSS_33074", "PHSS_33666", "PHSS_34203", "PHSS_35111");
foreach patch (patches)
{
  if (hpux_installed(app:patch))
  {
    exit(0, "The host is not affected because patch "+patch+" is installed.");
  }
}


flag = 0;
if (hpux_check_patch(app:"HP_Webproxy.HPWEB-PX-CORE", version:"A.02.10")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
hphp-uxcpe:/o:hp:hp-ux

Related

openvas 14
debian 3
nessus 19
suse 1
osv 2
securityvulns 3
cert 4
redhat 1
cisco 1
redhatcve 1
cve 3
debiancve 3
openssl 3
ubuntucve 3
oraclelinux 3
openvas
openvas
HP-UX Update for HP WEBM Services HPSBUX00288
2009-05-05 00:00:00
HP-UX Update for AAA Server HPSBUX00286
2009-05-05 00:00:00
HP-UX Update for BIND v920 HPSBUX00290
2009-05-05 00:00:00
debian
debian
[SECURITY] [DSA 394-1] New openssl095 packages fix denial of service
2003-10-11 13:54:07
[SECURITY] [DSA 394-1] New openssl095 packages fix denial of service
2003-10-11 13:54:07
[SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues
2003-10-01 00:00:00
nessus
nessus
HP-UX PHSS_29894 : s700_800 11.04 Webproxy server 2.0 update
2005-02-16 00:00:00
SUSE-SA:2003:043: openssl
2004-07-25 00:00:00
HP-UX PHSS_29891 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
2005-03-18 00:00:00
suse
suse
remote denial-of-service in openssl
2003-10-01 17:18:32
osv
osv
openssl095 - ASN.1 parsing vulnerability
2003-10-11 00:00:00
openssl - denial of service
2003-10-01 00:00:00
securityvulns
securityvulns
[Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing
2003-09-30 00:00:00
Subject: [OpenPKG-SA-2003.044] OpenPKG Security Advisory (openssl)
2003-09-30 00:00:00
CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
2003-10-03 00:00:00
cert
cert
Multiple vulnerabilities in SSL/TLS implementations
2003-09-30 00:00:00
OpenSSL contains integer overflow handling ASN.1 tags (2)
2003-09-30 00:00:00
OpenSSL ASN.1 parser insecure memory deallocation
2003-09-30 00:00:00
redhat
redhat
(RHSA-2003:293) openssl security update
2003-09-30 00:00:00
cisco
cisco
SSL Implementation Vulnerabilities
2003-09-30 23:30:00
redhatcve
redhatcve
CVE-2005-1730
2015-10-30 10:15:31
cve
cve
CVE-2003-0545
2003-11-17 05:00:00
CVE-2003-0544
2003-11-17 05:00:00
CVE-2003-0543
2003-11-17 05:00:00
debiancve
debiancve
CVE-2003-0544
2003-11-17 05:00:00
CVE-2003-0545
2003-11-17 05:00:00
CVE-2003-0543
2003-11-17 05:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2003-0544
2003-09-30 00:00:00
Vulnerability in OpenSSL CVE-2003-0545
2003-09-30 00:00:00
Vulnerability in OpenSSL CVE-2003-0543
2003-09-30 00:00:00
ubuntucve
ubuntucve
CVE-2003-0544
2003-11-17 00:00:00
CVE-2003-0545
2003-11-17 00:00:00
CVE-2003-0543
2003-11-17 00:00:00
oraclelinux
oraclelinux
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
openssl security update
2019-08-16 00:00:00
JSON
Related for HPUX_PHSS_30058.NASL
openvas14debian3nessus19suse1osv2securityvulns3cert4redhat1cisco1redhatcve1cve3debiancve3openssl3ubuntucve3oraclelinux3