Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2011-4153 CVE-2012-0830 CVE-2012-0883 CVE-2012-1172 CVE-2012-1823 CVE-2012-2311 |
CWE-ID | CWE-476 CWE-399 CWE-264 CWE-20 CWE-78 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Vulnerability #5 is being exploited in the wild. Vulnerability #6 is being exploited in the wild. |
Vulnerable software Subscribe |
HP-UX Web Server Suite Other software / Other software solutions |
Vendor | HPE |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU44404
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2011-4153
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsHP-UX Web Server Suite: before 3.24
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c03368475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU33324
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2012-0830
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
MitigationInstall update from vendor's website.
Vulnerable software versionsHP-UX Web Server Suite: before 3.24
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c03368475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU32751
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-0883
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to execute arbitrary code.
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
MitigationInstall update from vendor's website.
Vulnerable software versionsHP-UX Web Server Suite: before 3.24
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c03368475
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU44053
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-1172
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
MitigationInstall update from vendor's website.
Vulnerable software versionsHP-UX Web Server Suite: before 3.24
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c03368475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4201
Risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2012-1823
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to error when parsing QUERY_STRING parameters within PHP-CGI-based application (sapi/cgi/cgi_main.c). A remote attacker can send specially crafted HTTP request with query string without the "=" (equals sign) character, inject and execute arbitrary OS commands on vulnerable system with privileges of the web server.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website.
Vulnerable software versionsHP-UX Web Server Suite: before 3.24
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c03368475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU5939
Risk: Critical
CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2012-2311
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to error when parsing QUERY_STRING parameters within PHP-CGI-based application (sapi/cgi/cgi_main.c). A remote attacker can send specially crafted HTTP request with query string, contain a %3D sequence but no = (equals sign) character, inject and execute arbitrary OS commands on vulnerable system with privileges of the web server.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
This vulnerability is a result of an incomplete fix for SB2012050301.
Note: the vulnerability was being actively exploited.
Install update from vendor's website.
Vulnerable software versionsHP-UX Web Server Suite: before 3.24
External linkshttp://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-c03368475
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.