NSAPI TGA and Java Servlet Plugins DoS

2000-10-12T00:00:00
ID OSVDB:5834
Type osvdb
Reporter OSVDB
Modified 2000-10-12T00:00:00

Description

Vulnerability Description

The NSAPI plugin versions of the TGA and Java Servlet proxy for HP VirtualVault contain a flaw that may allow a denial of service attack. The issue is triggered under certain conditions that have not been disclosed, and will result in loss of availability of services on the affected computer due to high CPU utilization.

Technical Description

An HP9000 Series 700/800 running the HP-UX Virtual Vault Operating System (VVOS)version 10.24 or 11.04 may be vulnerable to a denial of service attack. The NSAPI (Netscape Application Programming Interface) plugin versions of the TGA (Trusted Gateway Agent) and Java Servlet proxy may demonstrate high CPU utilization under certain conditions when running under VirtualVault 3.50 (for HP-UX VVOS version 10.24) or VirtualVault 4.0 (for HP-UX VVOS version 11.04). Further details are unknown.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released a patch to address this vulnerability:

For HP-UX release 10.24 with VirtualVault A.03.50: apply patch PHSS_22187 For HP-UX release 11.04 with VirtualVault A.04.00: apply patch PHSS_22296

Short Description

The NSAPI plugin versions of the TGA and Java Servlet proxy for HP VirtualVault contain a flaw that may allow a denial of service attack. The issue is triggered under certain conditions that have not been disclosed, and will result in loss of availability of services on the affected computer due to high CPU utilization.

References:

Vendor Specific Advisory URL ISS X-Force ID: 5361 CVE-2000-0965 Bugtraq ID: 1843