HP Secure Web Server (SWS) for OpenVMS, DoS, Unauthorized Access, Disclosure of Information Vulnerability

Summary

Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information.

Credit:

Details

Vulnerable Systems:
 * HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier.

HP has made the following software update available to resolve these vulnerabilities.
:
OpenVMS Integrity servers
HP-I64VMS-CSWS22_UPDATE-V0200–4.PCSI_SFX_I64EXE

OpenVMS Alpha servers
CPQ-AXPVMS-CSWS22_UPDATE-V0200–4.PCSI_SFX_AXPEXE

Patch Availability:
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

CVE Information:
CVE-2011-0419
CVE-2011-1928
CVE-2011-3192
CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0031

Disclosure Timeline:
Version:1 (rev.1) – 8 October 2012 Initial release
Release Date: 2012-10-08
Last Updated: 2012-10-08

Categories: News