| VID |
22325 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The WASD HTTP Server for OpenVMS, according to its banner, has multiple vulnerabilities. WASD VMS Hypertext Services is a popular HTTP server for OpenVMS released under the GNU GPL. WASD versions 7.1, 7.2.0 through 7.2.3, and 8.0.0 are vulnerable to multiple vulnerabilities. The consequences of successful exploitation of these vulnerabilities may range from information disclosure to varying degrees of remote SYSTEM (root) compromise.
* Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a False Positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2002-09/0323.html
http://wasd.vsm.com.au/ht_root/doc/misc/wasd_advisory_020925.txt
http://www.securiteam.com/securitynews/5IP13008AY.html
* Platforms Affected:
WASD VMS Hypertext Services versions 7.2.3 and earlier
WASD VMS Hypertext Services version 8.0.0
HP OpenVMS Any version |
| Recommendation |
Upgrade to the latest version of WASD VMS Hypertext Services (7.2.4, 8.0.1 or 8.1 or later), available from the WASD Web page at http://wasd.vsm.com.au/WASD/
For WASD 8.0.0:
Apply the WASD 8.0.1 Mandatory Security Update kit, available from the WASD Web page at http://wasd.vsm.com.au/WASD/
For WASD 7.2.0, 7.2.1, 7.2.2, and 7.2.3:
Apply the WASD 7.2.4 Manddatory Security Update kit, available from the WASD Web page at http://wasd.vsm.com.au/WASD/ |
| Related URL |
(CVE) |
| Related URL |
5811 (SecurityFocus) |
| Related URL |
10209,10211,10212,10213,10214 (ISS) |
|
