HP HTTP Server Remote Unspecified Buffer Overflow Vulnerability

Bugtraq ID:	12566
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 15 2005 12:00AM
Updated:	Feb 15 2005 12:00AM
Credit:	This vulnerability was announced by the vendor.
Vulnerable:	HP HTTP Server 5.94 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software HP HTTP Server 5.93 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software HP HTTP Server 5.92 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software HP HTTP Server 5.0 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software
Not Vulnerable:	HP HTTP Server 5.96 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software

HP HTTP Server Remote Unspecified Buffer Overflow Vulnerability

It is reported that the HP HTTP Server is prone to a remote unspecified buffer overflow vulnerability.

Vendor reports indicate that this vulnerability may be exploited by a remote attacker to corrupt process memory and ultimately have arbitrary supplied code executed in the context of the vulnerable process.

This vulnerability is reported to affect HP HTTP Server versions 5.0 through 5.94.

HP HTTP Server Remote Unspecified Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

HP HTTP Server Remote Unspecified Buffer Overflow Vulnerability

Solution:
The vendor has released an advisory and fixes to address this vulnerability. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

HP HTTP Server Remote Unspecified Buffer Overflow Vulnerability

References:

• HP Web-Enabled Management Software Security Patch for Windows (HP)